Analysis of modern tools, methods of audit and monitoring of database security

The mismatch between modern technological innovations and traditional approaches to information security can significantly affect the effectiveness of database monitoring systems. This paper examines the ethical and legal aspects of database monitoring, taking into account current regulatory requirements and the importance of maintaining data confidentiality. The study also evaluates the use of each tool to determine their effectiveness in real-world conditions, the possibility of improving the functional characteristics of monitoring systems, their adaptation to new technologies and increasing the overall level of information protection.

Keywords:

databases, audit, monitoring, cybersecurity, data protection, security management

References

[1] Cinar O. et al.: Database Security in Private Database Clouds. International Conference on Information Science and Security (ICISS), Pattaya, Thailand, 2016, 1–5 [http://doi.org/10.1109/ICISSEC.2016.7885847].

[2] Deineka O. et al.: Designing Data Classification and Secure Store Policy According to SOC 2 Type II. CEUR Workshop Proceedings, 2024, 3654, 398–409 [https://ceur-ws.org/Vol-3654/short7.pdf].

[3] Devara S. R., Azad C.: Improved Database Security Using Cryptography with Genetic Operators. SN Computer Science 4(5), 2023, 570 [http://doi.org/10.1007/s42979-023-01990-z].

[4] Dou K. et al.: Research on Mainstream Data Base Security Analysis Technology of Big Data Platform. IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). Hainan, China, 2021, 994–998 [http://doi.org/10.1109/QRS-C55045.2021.00150].

[5] Dreis Yu. et al.: Model to Formation Data Base of Internal Parameters for Assessing the Status of the State Secret Protection. Cybersecurity Providing in Information and Telecommunication Systems 3654, 2024, 277–289 [https://ceur-ws.org/Vol-3654/paper23.pdf].

[6] Falchenko S. et al.: Method of Fuzzy Classification of Information with Limited Access. IEEE 2nd International Conference on Advanced Trends in Information Theory (IEEE ATIT 2020). Kyiv, Ukraine, 2020, 255–259 [http://doi.org/10.1109/ATIT50783.2020.9349358].

[7] Flores D. A. et al.: Implementing Chain of Custody Requirements in Database Audit Records for Forensic Purposes. IEEE Trustcom/BigDataSE/ICESS, 2017, 675–682 [http://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.299].

[8] Hong S. et al.: Data Auditing for Intelligent Network Security Monitoring. IEEE Communications Magazine 61(3), 2023, 74–79 [http://doi.org/10.1109/MCOM.003.2200046].

[9] Huang Q. et al.: A Logging Scheme for Database Audit. Second International Workshop on Computer Science and Engineering. Qingdao, China, 2009, 390–393 [http://doi.org/10.1109/WCSE.2009.837].

[10] Huijie W.: A Security Framework for Database Auditing System. 10th International Symposium on Computational Intelligence and Design. Hangzhou, China, 2017, 350–353 [http://doi.org/10.1109/ISCID.2017.64].

[11] Ivanichenko Y. et al.: Restricted Information Identification Model. Cybersecurity Providing in Information and Telecommunication Systems 3288, 2022, 89–95 [https://ceur-ws.org/Vol-3288/short5.pdf].

[12] Kehe Wu et al.: The Design and Implementation of Database Audit System Framework. IEEE 5th International Conference on Software Engineering and Service Science, 2014 [http://doi.org/10.1109/ICSESS.2014.6933628].

[13] Korchenko O. et al.: Tuple Model for Forming a Database of Primary Parameters for Assessing the State Secret Protection Status. Ukrainian Scientific Journal Infjrmation Security 28(1), 2022, 35–42 [http://doi.org/10.18372/2225-5036.28.16911].

[14] Lakhdhar Y. et al.: Active, Reactive and Proactive Visibility-Based Cyber Defense for Defending Against Attacks on Critical Systems. International Wireless Communications and Mobile Computing (IWCMC). Limassol, Cyprus, 2020, 439–444 [http://doi.org/10.1109/IWCMC48107.2020.9148400].

[15] Liegang Han et al.: HDTSM: Hybrid Dynamic Token-based Security Mechanism for Database Protection in E-Government Service Systems. International Conference on Artificial Intelligence and Automation Control (AIAC), 2023, 94–98 [http://doi.org/10.1109/AIAC61660.2023.00029].

[16] Martseniuk Y. et al.: Automated Conformity Verification Concept for Cloud Security. CEUR Workshop Proceedings 3654, 2024, 25–37 [https://ceur-ws.org/Vol-3654/paper3.pdf].

[17] Martseniuk Y. et al.: Shadow IT risk analysis in public cloud infrastructure. Cyber Security and Data Protection 2024, 22–31 [https://ceur-ws.org/Vol-3800/paper3.pdf].

[18] Martseniuk Y. et al.: Universal Centralized Secret Data Management for Automated Public Cloud Provisioning. Cybersecurity Providing in Information and Telecommunication Systems 2, 2024, 72–81 [https://ceur-ws.org/Vol-3826/paper7.pdf].

[19] Motwani R. et al.: Auditing SQL Queries. IEEE 24th International Conference on Data Engineering. Cancun, Mexico, 2008, 287–296 [http://doi.org/10.1109/ICDE.2008.4497437].

[20] Mousa A. et al.: Database Security Threats and Challenges. 8th International Symposium on Digital Forensics and Security (ISDFS). Beirut, Lebanon, 2020, 1–5 [http://doi.org/10.1109/ISDFS49300.2020.9116436].

[21] Ozkan-Okay M. et al.: A Comprehensive Survey: Evaluating the Efficiency of Artificial Intelligence and Machine Learning Techniques on Cyber Security Solutions. IEEE Access 12, 2024, 12229–12256 [http://doi.org/10.1109/ACCESS.2024.3355547].

[22] Paradisi M.: Proactive and Predictive Risk Management in Aviation Safety: A Corporate Strategic Approach. IEEE International Workshop on Technologies for Defense and Security (TechDefense). 2023, 34–39 [http://doi.org/10.1109/TechDefense59795.2023.10380870].

[23] Semančik L.: Recording of Data Monitoring Access to Databases Using Triggers. Communication and Information Technologies (KIT). Vysoke Tatry, Slovakia, 2019, 1–5 [http://doi.org/10.23919/KIT.2019.8883478].

[24] Seok-Woo Lee et al.: Database Security System Based on User Identification. Journal of Digital Contents Society 25(4), 2024, 1079–1085 [http://doi.org/10.9728/dcs.2024.25.4.1079].

[25] Shevchenko S. et al.: Protection of Information in Telecommunication Medical Systems Based on a Risk-Oriented Approach, Cybersecurity Providing in Information and Telecommunication Systems 3421, 2023, 158–167 [https://ceur-ws.org/Vol-3421/paper16.pdf].

[26] Shevchuk D. et al.: Designing Secured Services for Authentication, Authorization and Accounting of Users (short paper). CPITS II, 2023, 217–225 [https://ceur-ws.org/Vol-3550/short4.pdf].

[27] Skladannyi P. et al.: Model to Formation Data Base of Secondary Parameters for Assessing Status of the State Secret Protection. Conference Cyber Security and Data Protection, Lviv, Ukraine, 3800, 2024, 1–11 [https://ceur-ws.org/Vol-3800/paper1.pdf].

[28] Wang Y. et al.: The Overview of Database Security Threats’ Solutions: Traditional and Machine Learning. Journal of Information Security 12, 2021, 34–55 [http://doi.org/10.4236/jis.2021.121002].

[29] Yongzheng Wu et al.: A User-Level Framework for Auditing and Monitoring. 21st Annual Computer Security Applications Conference (ACSAC'05). Tucson, USA, 2005, 101–105 [http://doi.org/10.1109/CSAC.2005.8].

[30] GDE DSM Installation Guide v3.0.0.2. [https://www.ibm.com/support/ pages/system/files/inline-files/$FILE/GDE_DSM_Install_Guide_v3.0.0.2_ v1_0.pdf].

[31] IBM Security Guardium Data Protection – Incident management. [https://icore.kz/upravlenie-inczidentami/ibm-security-guardium-data-protection].

[32] Integrity Oracle Security Blog – What is Oracle Audit Vault. [https://www.integrigy.com/oracle-security-blog/what-oracle-audit-vault].

[33] Microsoft Learn – SQL Server Audit (Database Engine). [https://learn.microsoft.com/en-us/sql/relational-databases/security/auditing/ sql-server-audit-database-engine?view=sql-server-ver16].

[34] Oracle Documentation Audit Vault and Database Firewall. [https://docs.oracle.com/en/database/oracle/audit-vault-database-firewall/20/sigli/index.html#GUID-E11B3C13-8BD4-449F-8E9E-27B9898D778D].

[35] SecureSphere Management Solutions. [https://www.imperva.com/resources/datasheets/DS_SecureSphere_Management_Solutions.pdf].

[36] Splunk – The Essential Guide to Data. [https://www.splunk.com/en_us/pdfs/ebooks/the-essential-guide-to-data.pdf].

[37] What Is Splunk & What Does It Do? A Splunk Intro. [https://www.splunk.com/en_us/blog/learn/what-splunk-does.html].

Mykhailyshyn, K., Harasymchuk, O., Deineka, O., Dreis, Y., Shulha, V., & Pepa, Y. (2025). Analysis of modern tools, methods of audit and monitoring of database security. Informatyka, Automatyka, Pomiary W Gospodarce I Ochronie Środowiska, 15(4), 124–129. https://doi.org/10.35784/iapgos.6993

Analysis of modern tools, methods of audit and monitoring of database security

Issue Vol. 15 No. 4 (2025)

Archives

DOI

Authors

Abstract

Keywords:

References

License

Article Sidebar

Issue Vol. 15 No. 4 (2025)

Archives

Main Article Content

DOI

Authors

Abstract

Keywords:

References

Article Details

License