Architecture I, as shown in Figure 1, combines
intrusion detection and attack recovery to achieve this goal.
In particular, the Intrusion Detector monitors and analyzes
the trails of database sessions and transactions in a
real-time manner to identify malicious transactions as soon
as possible. Alarms of malicious transactions, when raised,
will be instantly sent to the Repair Manager, which will
locate the damage caused by the attack and repair the
damage. During the whole intrusion detection and attack
recovery process, the database continues executing new
transactions.