Abstract
The Internet enables people to communicate with others from different parts of the world, and businesses to expand their markets beyond national borders. The number of internet users has increased 8 folds since 1998, from 170 million in 1998 to 2760 million in 2013 [1] . According to Forbes, “ for the full year it estimates that US ecommerce will generate $262.3 billion in sales, an increase of 16.4% year over year and slightly higher than the 16.2% increase last year. By 2017, eMarketer estimates that there will be $440 billion in sales for a compound annual growth rate (CAGR) of 13.8% [2]. ” The growths of online companies such as Amazon.com and EBAY.com have outpaced the traditional brick-and-mortar stores. To deal with the massive data generated, companies maintain commercial database systems such as Oracle® Database, MySQL, Microsoft® SQL, and IBM® DB. These databases are increasingly under attacks from hackers for their valuable customers’ information and proprietary technologies. Protecting the database is therefore, the utmost concern of these database administrators (DBAs). Commercial databases have some forms of built-in security and auditing features that allow DBAs to audit their database systems. However, the auditing process can be complicated and is very time consuming, as DBAs have to set polices and manually perform the audit. Therefore, suspicious activities may not be discovered until much later time. Audit data are stored in the extensive built-in system logs, and they can only be queried through the predefined log views. In a similar way to encrypted data, which has no further useful purpose in the encrypted form, these audit data cannot be used to create custom security reports and alerts, other than to read-only. To be able to use these audit data for other beneficial purposes, such as creating custom security reports and alerts, manipulation of these data is required. This project introduces an application (app) that utilizes Oracle DBMS_scheduler package to automatically create programs and jobs to collect data on pre-determined schedules. The app also creates predefined tables, which are similar to Oracle audit views, to manipulate these data, without affecting the data integrity. The application is coded in Oracle’s 3GL language, PL/SQL, and tested on Oracle® SQL database version 11g Express Edition. This project demonstrates that a user friendly, yet effective, database-monitoring application can be quickly designed and built. The app automatically notifies the database administrators about violations of unauthorized operations and accesses to particular database system resources.