Abstract
The Internet enables world-wide communication for all areas of human activity. To deal with the massive data involved, companies deploy database products such as Oracle® Database, MySQL, Microsoft® SQL Server, and IBM® DB2. Databases are continuously under attack by intruders who probe for valuable customer and corporate information. Commercial databases have auditing support that facilitates after-the-fact review and analysis of data access. However, audit data collected has vendor-specific structure and content. Tools are needed to optimize response to security incidents and to proactively mine audit logs for vulnerabilities. This paper1 demonstrates some database-independent techniques aimed toward automating the management of a site’s audit information.