The novel program, which experts told United Press International is the first of its kind, works virtually instantaneously and allows innocent users to operate databases undisturbed at the same time.
"People use databases to make decisions about many things, from buying stocks to command and control of soldiers," researcher Peng Liu of Pennsylvania State University told UPI. "This kind of damage can lead to wrong, misleading, disastrous decisions.
"We can't prevent attackers from getting in, but with this technology, the database can heal itself on the fly," Liu explained.
All databases are vulnerable to intrusions from unauthorized users, former employees or hackers looking for a challenge. As more databases come online, computer security expert Sushil Jajodia at George Mason University expects the number of attacks to go up with them.
"I am very much concerned that a lot of computer infrastructure that we depend on every minute of the day could be under attack," Jajodia said, "and we need to find solutions so we can react to them quickly."
Software exists to detect breaches, but by then the damage may be done. Suspending a database for repairs is undesirable and often unacceptable for commercial databases, such as those of international banks, which require 24/7 access to account data. Rolling back all database activity to before the damage began is expensive, Liu said, because the work of all untouched operations by innocent users will then be lost.
The algorithms Liu and his team have developed contain the damage by monitoring the behavior of each user in real time. When the behavior of a user appears suspicious, the program redirects his or her operations to an isolated dummy database, Liu said.
"In this way, the transactions of other, trustworthy users will not be affected," he explained. "Later on, if we found that an isolated user is actually innocent, the work of most of his or her transactions will be preserved by merging the effects of these transactions into the main database."
Contained data are restored to their latest, undamaged versions. Repairs take place very fast, right after each user command. "A medium-sized database server can repair 100 to 1,000 data objects within one second," Liu said.
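The isolate-then-merge idea described above can be sketched as follows. This is an added illustration, not the Penn State team's algorithm or code: the `SelfHealingStore` class, its method names, the sample accounts and the version-based conflict rule are all assumptions made for the example.

```python
class SelfHealingStore:
    """Toy key-value store: suspicious users write to an isolated shadow copy."""

    def __init__(self, data):
        self.main = dict(data)                 # trusted state seen by normal users
        self.version = {k: 0 for k in data}    # bumped on every write to main
        self.shadow = {}                       # user -> {key: (value, base_version)}

    def isolate(self, user):
        # Called by a (hypothetical) behaviour monitor when a user looks suspicious.
        self.shadow.setdefault(user, {})

    def write(self, user, key, value):
        if user in self.shadow:
            # Redirected: main is untouched; remember which main version was current.
            base = self.shadow[user].get(key, (None, self.version.get(key, 0)))[1]
            self.shadow[user][key] = (value, base)
        else:
            self.main[key] = value
            self.version[key] = self.version.get(key, 0) + 1

    def read(self, user, key):
        # An isolated user sees their own writes first, so the session looks normal.
        if user in self.shadow and key in self.shadow[user]:
            return self.shadow[user][key][0]
        return self.main.get(key)

    def resolve(self, user, innocent):
        """Merge an innocent user's isolated writes; drop a malicious user's."""
        merged, skipped = [], []
        for key, (value, base) in self.shadow.pop(user, {}).items():
            if innocent and self.version.get(key, 0) == base:
                self.main[key] = value
                self.version[key] = base + 1
                merged.append(key)
            else:
                skipped.append(key)   # conflict or malicious: main keeps its value
        return sorted(merged), sorted(skipped)


def demo():
    db = SelfHealingStore({"acct_a": 100, "acct_b": 50})   # constructed sample data
    db.isolate("mallory")
    db.isolate("bob")
    db.write("mallory", "acct_a", 999999)   # lands in the shadow copy only
    db.write("bob", "acct_b", 60)
    db.write("bob", "acct_a", 90)
    db.write("alice", "acct_a", 120)        # trusted user keeps working on main
    return db, db.resolve("mallory", False), db.resolve("bob", True)
```

In this sketch an innocent user's write is merged only if no trusted user changed the same object in the meantime, which is one simple way to get the "most of his or her transactions will be preserved" behaviour Liu describes.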
"This self-healing database is taking recovery to the next step, and that's what I find most exciting about it," Jajodia said. He notes that further work needs to take place "to identify the type of attacks that malicious users can launch and come up with techniques that can respond to these different attacks."
The U.S. Air Force and the Cyber Security Group at Penn State are testing prototypes of this software. Liu and his colleagues published their findings in IEEE Transactions on Knowledge and Data Engineering.