• Journal of KIISE
• /
• v.44 no.1
• /
• pp.1-12
• /
• 2017

The continuously growing internet service requirements has resulted in a multitier system structure consisting of web server and database (DB) server. In this multitier structure, the existing intrusion detection system (IDS) detects known attacks by matching misused traffic patterns or signatures. However, malicious change to the contents at DB server through hypertext transfer protocol (HTTP) requests at the DB server cannot be detected by the IDS at the DB server's end, since the DB server processes structured query language (SQL) without knowing the associated HTTP, while the web server cannot identify the response associated with the attacker's SQL query. To detect these types of attacks, the malicious user is tracked using knowledge on interaction between HTTP request and SQL query. However, this is a practical challenge because system's source code analysis and its application logic needs to be understood completely. In this study, we proposed a scheme to find the HTTP request associated with a given SQL query using only system log files. We first generated an HTTP request-SQL query map from system log files alone. Subsequently, the HTTP request associated with a given SQL query was identified among a set of HTTP requests using this map. Computer simulations indicated that the proposed scheme finds the HTTP request associated with a given SQL query with 94% accuracy.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.59-66
• /
• 2017

MySQL database is the second place in the market share of the current database. Especially InnoDB storage engine has been used in the default storage engine from the version of MySQL5.5. And many companies are using the MySQL database with InnoDB storage engine. Study on the structural features and the log of the InnoDB storage engine in the field of digital forensics has been steadily underway, but for how to restore on a record-by-record basis for the deleted data, has not been studied. In the process of digital forensic investigation, database administrators damaged evidence for the purpose of destruction of evidence. For this reason, it is important in the process of forensic investigation to recover deleted record in database. In this paper, We proposed the method of recovering deleted data on a record-by-record in database by analyzing the structure of MySQL InnoDB storage engine. And we prove this method by tools. This method can be prevented by database anti forensic, and used to recover deleted data when incident which is related with MySQL InnoDB database is occurred.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.805-808
• /
• 2014

The DBMS is a database management software system to access by people. It is an open source DBMS, such as MySQL and commercial services, such as ORACLE. Since MySQL has been acquired by Oracle, MariaDB released increase demand. NoSQL also are increasing, the trend is of interest, depending on the circumstances. Based on the same type of mass data, Depending on the performance comparison between the open source DBMS is required, and The study compared the performance between MariaDB and MongoDB. This paper proposes a DBMS for big data to process.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.686-690
• /
• 2003

웹 응용프로그램에 대한 위협이 점차 확산되면서 오늘날 많은 Web Application Firewall들이 등장하고 있다. 하지만, 대부분의 기관에서 웹 서버 자체의 변조는 기관의 미지 실추를 제외하면 업무상 큰 문제를 유발하지 않는다. 웹 서버에 대한 보안을 고려하는 이유는 웹 서버가 침입을 당할 경우 DB 서버의 내용에 손상이 가해질 수 있기 때문이다. 본 고에서는 Web Application Firewall과 연동하여 허용되는 SQL 질의패턴을 자동으로 생성하여 불법적인 SQL 질의를 차단하는 DB Application Firewall을 제안한다. 이를 통해 웹 응용프로그램의 취약점으로 인해 SQL 질의가 변조되더라도 DB 서버에 해당SQL질의가 전달되는 것을 차단할 수 있다.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.107-115
• /
• 2022

Recently, big data applications need another database different from the Relation database. NoSQL databases are used to save and handle massive amounts of data. NoSQL databases have many advantages over traditional databases like flexibility, efficiently processing data, scalability, and dynamic schemas. Most of the current applications are based on the web, and the size of data is in increasing. NoSQL databases are expected to be used on a more and large scale in the future. However, NoSQL suffers from many security issues, and one of them is access control. Many recent applications need Fine-Grained Access control (FGAC). The integration of the NoSQL databases with FGAC will increase their usability in various fields. It will offer customized data protection levels and enhance security in NoSQL databases. There are different NoSQL database models, and a document-based database is one type of them. In this research, we choose the CouchDB NoSQL document database and develop an access control mechanism that works at a fain-grained level. The proposed mechanism uses role-based access control of CouchDB and restricts read access to work at the document level. The experiment shows that our mechanism effectively works at the document level in CouchDB with good execution time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.123-134
• /
• 2014

As the data gets bigger recently, the demand for relational database management system (RDBMS) and NoSQL DBMS to process big data has been increased consistently. The digital forensic investigation method for RDBMS has been studied actively, but that for NoSQL DBMS, which is popularly used nowadays, has almost no research. This paper proposes the digital forensic investigation process and method for MongoDB, the most popularly used among NoSQL DBMS.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.6
• /
• pp.237-242
• /
• 2018

Recently, media data is increasing due to the development of Internet and SNS. Since photographs and videos often have geo-tags, many techniques have been developed to analyze them. In order to process various kind of such as SNS, NoSQL has been covered. However, most NoSQL does not have enough computation and query about spatial data. Therefore, in this paper, we designed and implemented a system for adding spatial operators using MongoDB among the representative NoSQL. Through this study, it is confirmed that various operators can be used and it is expected that various services can be performed using operators.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.631-634
• /
• 2014

When to build a Web and Cloud Computing environment, it is essential to used a database system. Database systems includes commercial programs, such as Oracle and MS-SQL, but also similar to the performance of commercial applications, there are many free programs. In particular, PostgreSQL, MySQL, MariaDB are no costs, but the source is open to the public can be applied to a variety of environments. This paper presents an open source relational database management system, the trends are examined.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.3
• /
• pp.298-305
• /
• 2016

Various NoSQL databases are more excellent to process a large amount of big data than existing relational databases such as MySQL, PostgreSQL and Oracle. Among widely used NoSQL databases, performance of HBase, Cassandra, MongoDB and Redis was comparatively assessed. For distributed processing of a large amount of data, 12 servers were connected through switching hub and Ubuntu was installed as operating system. As for benchmark tool, YCSB was applied. Read and update ratios changed from 50% and 50%, 95% and 5% and finally, 100% and 0% and each of them was assessed as 200,000 commands developed into 1,200,000 commands for each case. Cassandra was most excellent with transaction processing per second while MongoDB was most excellent with the number of processes carried out per unit time.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.957-959
• /
• 2013

A SNS(Social Networking Service) is an online platform to build social networks or social relations among people who, for example, share free communication, information, and make more personal connections. In this paper, we find representative entities, develop relationships among them, and draw an ERD based on the entities and their relationships. And then we design a SNS database schema by converting the ERD into collections according to data model of MongoDB, which is an NoSQL database.