Improving damage assessment efficacy in case of frequent attacks on databases

Abstract

A database log is the primary resource for damage assessment and recovery after an electronic attack. The log is a sequential file stored in the secondary storage and it can grow to humongous proportions in course of time. Disk I/O speed dictates how fast damage assessment and recovery can be done. To make the process of damage assessment and recovery more efficient, segmenting the log based on different criteria has been proposed before. But the trade off is that, either segmenting the log involves a lot of computation or damage assessment is a complicated process. In this research we propose to strike a balance. We propose a hybrid log segmentation method that will reduce the time taken to perform damage assessment while still segmenting the log fast enough so that no intricate computation is necessary. While performing damage assessment, we re-segment the log based on transaction dependency. Thus during repeated damage assessment procedures, we create new segments with dependent transactions in them so that the process of damage assessment becomes faster when there are repeated attacks on the system. © 2004 by International Federation for Information Processing.