Abstract:
With the advancement of Internet technology, securing information systems from electronic attacks has become a significant concern. Despite all the preventive methods, malicious users still find new methods that overcome system security, and access and modify sensitive information. To make the process of damage assessment and recovery fast and efficient, and to avoid scanning the whole log, researchers have proposed different methods for segmenting the log, and accordingly presented different damage assessment and recovery algorithms. Since even segmenting the log into clusters may not solve the problem, as clusters/segments may grow to be humongous in size in the case of high data/transaction dependency, we suggest a method for segmenting the log into clusters and sub-clusters; i.e., segmenting the cluster, which is based on exact data dependency [12], into sub-clusters based on two different criteria: number of data items or space occupied. In this work, we also present damage assessment and recovery algorithms, and show the performance results.
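
As an added illustration (not the paper's algorithms, which this abstract does not spell out), the sketch below clusters a constructed log by read-from dependency, splits a cluster into sub-clusters by number of data items, and assesses damage by scanning only the malicious transaction's cluster. The log format, the function names, and the simplified read-from rule standing in for exact data dependency are assumptions.

```python
from collections import defaultdict

# Constructed sample log in commit order: (txn id, items read, items written).
LOG = [
    ("T1", set(), {"a"}), ("T2", {"a"}, {"b"}), ("T3", set(), {"x"}),
    ("T4", {"b"}, {"c"}), ("T5", {"x"}, {"y"}),
    ("T6", set(), {"b"}),   # blind write: overwrites b without reading it
    ("T7", {"b"}, {"d"}), ("T8", {"c"}, {"e"}),
]

def build_clusters(log):
    """Group transactions linked by read-from dependency (assumed rule)."""
    parent = {tid: tid for tid, _, _ in log}
    def find(t):
        while parent[t] != t:
            t = parent[t]
        return t
    last_writer, reads_from = {}, {}
    for tid, reads, writes in log:
        reads_from[tid] = {last_writer[i] for i in reads if i in last_writer}
        for src in reads_from[tid]:
            parent[find(tid)] = find(src)
        for item in writes:
            last_writer[item] = tid
    clusters = defaultdict(list)
    for tid, _, _ in log:
        clusters[find(tid)].append(tid)
    return list(clusters.values()), reads_from

def split_by_items(cluster, log, max_items):
    """Cut a cluster into sub-clusters touching at most max_items data items."""
    items_of = {tid: r | w for tid, r, w in log}
    subs, current, seen = [], [], set()
    for tid in cluster:
        if current and len(seen | items_of[tid]) > max_items:
            subs.append(current)
            current, seen = [], set()
        current.append(tid)
        seen |= items_of[tid]
    return subs + [current] if current else subs

def assess_damage(malicious, clusters, reads_from):
    """Scan only the malicious transaction's cluster, in log order."""
    cluster = next(c for c in clusters if malicious in c)
    affected = {malicious}
    for tid in cluster[cluster.index(malicious) + 1:]:
        if reads_from[tid] & affected:   # read a value written by a damaged txn
            affected.add(tid)
    return [t for t in cluster if t in affected]
```

With T2 marked malicious, only T4 and T8 are flagged; T7 reads b after T6's blind write, so it falls in a different cluster and is never scanned.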
Citation:
Haraty, R., & Zeitunlian, A. (2007). Damage assessment and recovery from malicious transactions using data dependency for defensive information warfare. ISESCO Science and Technology Vision, 3(4), 43-50.