Delayed replication for protection of replicated databases
First Claim
1. An apparatus for providing protection for a plurality of data servers configured to provide data replication for a database, the apparatus comprising:
- at least one processing circuit, including a programmed computer, configured to;
receive a record that specifies a possibly malicious modification performed on a first version of the database stored on a first data server of the plurality of data servers;
delay replication of the modification indicated by the record in at least a second data server of the plurality of data servers for a length of time specified for the second data server in a security profile, wherein the length of time is set at least in part in response or relative to receipt of the record that specifies a possibly malicious modification;
during the length of time in which replication is delayed, determine a probability that the modification indicated by the record is malicious based on respective quantizations of a first set of factors indicated in a security profile, the respective quantizations collectively exceeding a threshold level which is indicative of anomalous data access activity; and
prevent replication of the modification indicated by the record on a second version of the database stored in the second data server in response to the threshold level being exceeded.
5 Assignments
0 Petitions
Accused Products
Abstract
Apparatuses and methods are disclosed for protection of data servers configured for data replication of a database. As an example, one apparatus includes at least one processing circuit configured to receive records indicating respective modifications performed on a first version of the database stored in a first data server of the plurality of data servers. The at least one processing circuit is configured to delay replication of the modification in one or more additional servers in the plurality of data servers for a respective length of time specified for the servers in a security profile. While delaying replication of the modification, the processing circuit determines a probability that the modification is malicious based on a first set of factors indicated in a security profile. If the probability is greater than a threshold specified in the security profile, the processing circuit prevents the modification from being performed.
-
Citations
20 Claims
-
1. An apparatus for providing protection for a plurality of data servers configured to provide data replication for a database, the apparatus comprising:
at least one processing circuit, including a programmed computer, configured to; receive a record that specifies a possibly malicious modification performed on a first version of the database stored on a first data server of the plurality of data servers; delay replication of the modification indicated by the record in at least a second data server of the plurality of data servers for a length of time specified for the second data server in a security profile, wherein the length of time is set at least in part in response or relative to receipt of the record that specifies a possibly malicious modification; during the length of time in which replication is delayed, determine a probability that the modification indicated by the record is malicious based on respective quantizations of a first set of factors indicated in a security profile, the respective quantizations collectively exceeding a threshold level which is indicative of anomalous data access activity; and prevent replication of the modification indicated by the record on a second version of the database stored in the second data server in response to the threshold level being exceeded. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
11. A method for providing protection for a plurality of data servers configured to provide data replication for a database, the method performed by a processing circuit including a CPU and comprising:
-
receiving a record that specifies a possibly malicious modification performed on a first version of the database stored on a first data server of the plurality of data servers; delaying replication of the modification indicated by the record in at least a second data server of the plurality of data servers for a length of time specified for the second data server in a security profile, wherein the length of time is set at least in part in response or relative to receipt of the record that specifies a possibly malicious modification; during the length of time in which replication is delayed, determining a probability that the modification indicated by the record is malicious based on respective quantizations of a first set of factors indicated in a security profile, the respective quantizations collectively exceeding a threshold level which is indicative of anomalous data access activity; and preventing replication of the modification indicated by the record on a second version of the database stored in the second data server in response to the probability exceeding a threshold level specified in the security profile. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification