I. Introduction
Any computer that is connected to a network is vulnerable to malicious attack. The intrusion detection system can detect an attack and there are a lot of efforts in this domain like in [1] and [2]. Nevertheless, there is no guarantee that this detection will be immediate. Any delay in the detection process will give time to the attack to spread in the database. For this reason, there is always a need for an efficient recovery algorithm.