I-Corps: Tools for Database Forensic Analysis and Intrusion Detection

I-Corps：数据库取证分析和入侵检测工具

• 批准号: 2015769
• 负责人: Alexander Rasin
• 金额: $ 5万
• 依托单位: DePaul University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-06-01 至 2020-11-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2015769&HistoricalAwards=false
• 关键词: Corps; Tools; Database; Forensic; Analysis

The broader impact/commercial potential of this I-Corps project is to address and mitigate the ongoing problem of pervasive data breaches. It will provide forensic analysts with tools for investigating database management systems (DBMS), currently a black box in most investigations. It will do so by combining previously developed forensic analysis approaches with user-friendly interpretation and reports. For existing data monitoring security solutions, this project will eliminate the security gaps that remain exploitable in cybersecurity tools. Current security solutions can only react to the logged activity, leaving a variety of hacks (e.g., abusing super-privileges or hacking) to bypass the log records. The outcome of this project will detect and report malicious data access stemming from actions that bypassed existing security mechanisms.This I-Corps project will develop new approaches for presenting digital artifacts from a database to forensic and security analysts. Rather than merely present the individual forensic artifacts, this project will target creation of evidential reports supporting user search and providing chain-of-custody guarantees sufficient as evidence. By tracing the data flow occurring inside the database, this project will enable interpretation and sound evidence in cases of malicious data access or tampering within a database.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

I-Corps项目更广泛的影响/商业潜力是解决和减轻普遍存在的数据泄露问题。它将为法医分析人员提供调查数据库管理系统（DBMS）的工具，目前在大多数调查中都是一个黑匣子。它将通过将以前开发的法医分析方法与用户友好的解释和报告相结合来做到这一点。对于现有的数据监控安全解决方案，该项目将消除网络安全工具中仍然存在的安全漏洞。当前的安全解决方案只能对记录的活动做出反应，从而导致各种黑客攻击（例如，滥用超级特权或黑客攻击）绕过日志记录。该项目的结果将检测和报告源自绕过现有安全机制的操作的恶意数据访问。这个I-Corps项目将开发新的方法，将数据库中的数字文物呈现给法医和安全分析人员。这个项目的目标不是仅仅展示单个的取证工件，而是创建支持用户搜索的证据报告，并提供足够的监管链保证作为证据。通过跟踪数据库内发生的数据流，该项目将在数据库内恶意数据访问或篡改的情况下提供解释和可靠的证据。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。