Data security and intrusion detection
1 Assignment
0 Petitions
Abstract
Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. Item requests are examined to determine if the request and/or the result violates an item access rule. If either the request or the result violates the item access rule, an access control manager is alerted and appropriate action is taken such as not complying with the item request. Embodiments of the invention also produce a scorecard to represent the severity of an intrusion threat.
106 Citations
31 Claims
1. A method of detecting and preventing intrusion in a data at rest system comprising:
receiving a plurality of intrusion detection profiles from an access control system, each profile including at least one item access rule, wherein a plurality of users are associated with at least one of the intrusion detection profiles;
receiving a request for data in a data at rest system from a user;
determining whether a result of said request causes the user to violate the at least one item access rule defined in the intrusion detection profile associated with the user; and
if the at least one item access rule is violated, notifying the access control system to alter user authorization, thereby preventing the result of the request from being transmitted to the user.
Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 18.

2. The method of claim 2, further comprising:
accumulating results from performed requests; and
determining whether the accumulated results violate any one of said at least one item access rule.
Dependent claims: 15, 16.

19. A system for detecting and preventing intrusion in a data at rest system comprising:
a data at rest system;
an access control manager in communication with the data at rest system; and
one or more sensors, wherein the access control manager promulgates item access rules and distributes the item access rules to at least one of the one or more sensors which detect violations of the item access rules and report the violations to the access control manager.
Dependent claims: 20, 21, 22, 23, 24, 25, 26.

27. A method of detecting and preventing intrusion in a data at rest system comprising:
accumulating results from performed previous requests to an item;
receiving a request for data in the data at rest system from a user;
comparing the received request with at least one Bayesian inference pattern, in order to determine whether a combination of accesses to the item match said inference pattern; and
notifying the access control system, upon determining that a combination of accesses to the item match said inference pattern, to alter an item access rule, thereby making the received request an unauthorized request, before a result is transmitted to the user.

28. A method of detecting and preventing intrusion in a database comprising:
accumulating results from performed previous requests to an item;
receiving a request for data in the database from a user;
comparing the received request with at least one Bayesian inference pattern, in order to determine whether a combination of accesses to the item match said inference pattern; and
notifying the access control system, upon determining that a combination of accesses to the item match said inference pattern, to alter an item access rule, thereby making the received request an unauthorized request, before a result is transmitted to the user.

29. A computer-readable medium whose contents cause a computer to perform a method of detecting and preventing intrusion in a data at rest system comprising:
receiving a plurality of intrusion detection profiles from an access control system, each profile including at least one item access rule, wherein a plurality of users are associated with at least one of the intrusion detection profiles;
receiving a request for data in a data at rest system from a user;
determining whether a result of said request causes the user to violate the at least one item access rule defined in the intrusion detection profile associated with the user; and
if the at least one item access rule is violated, notifying the access control system to alter user authorization, thereby preventing the result of the request from being transmitted to the user.

30. A computer-readable medium whose contents cause a computer to perform a method of detecting and preventing intrusion in a data at rest system comprising:
accumulating results from performed previous requests to an item;
receiving a request for data in the data at rest system from a user;
comparing the received request with at least one Bayesian inference pattern, in order to determine whether a combination of accesses to the item match said inference pattern; and
notifying the access control system, upon determining that a combination of accesses to the item match said inference pattern, to alter an item access rule, thereby making the received request an unauthorized request, before a result is transmitted to the user.

31. A computer-readable medium whose contents cause a computer to perform a method of detecting and preventing intrusion in a database comprising:
accumulating results from performed previous requests to an item;
receiving a request for data in the database from a user;
comparing the received request with at least one Bayesian inference pattern, in order to determine whether a combination of accesses to the item match said inference pattern; and
notifying the access control system, upon determining that a combination of accesses to the item match said inference pattern, to alter an item access rule, thereby making the received request an unauthorized request, before a result is transmitted to the user.
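The following is an added illustration of the mechanism in claims 1, 2 and 19 (profiles carrying item access rules, a sensor that checks a request's result before releasing it, accumulation of prior results, and an access control manager that revokes authorization on a violation). It is constructed example code, not the patent's own implementation or any product's: the profile name, the three rule kinds (item prefix, maximum rows per result, maximum distinct items accumulated), the user identifiers and the sample data store are all assumptions chosen to exercise the claimed steps. The Bayesian inference patterns of claims 27 to 31 are not modelled, since the page gives no definition of them.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

Rows = List[Tuple[str, int]]          # a "result": rows returned for an item
History = List[Tuple[str, int]]       # accumulated (item, row_count) per user


@dataclass
class Request:
    user: str
    item: str


@dataclass
class ItemAccessRule:
    # violated(request, result_rows, accumulated_history) -> True on violation
    name: str
    violated: Callable[[Request, Rows, History], bool]


@dataclass
class IntrusionDetectionProfile:
    name: str
    rules: List[ItemAccessRule]


def item_prefix_rule(prefix: str) -> ItemAccessRule:
    # Request-side rule (assumed): the user may only touch items under one path.
    return ItemAccessRule(f"prefix:{prefix}",
                          lambda req, rows, hist: not req.item.startswith(prefix))


def max_rows_rule(limit: int) -> ItemAccessRule:
    # Result-side rule (assumed): a single result may not exceed `limit` rows.
    return ItemAccessRule(f"max_rows:{limit}",
                          lambda req, rows, hist: len(rows) > limit)


def max_distinct_items_rule(limit: int) -> ItemAccessRule:
    # Accumulation rule (claim 2, assumed form): distinct items served so far plus this one.
    def violated(req: Request, rows: Rows, hist: History) -> bool:
        seen = {item for item, _ in hist}
        seen.add(req.item)
        return len(seen) > limit
    return ItemAccessRule(f"max_distinct_items:{limit}", violated)


class AccessControlManager:
    """Promulgates profiles to sensors and alters user authorization on report."""

    def __init__(self, profiles: Dict[str, IntrusionDetectionProfile],
                 user_to_profile: Dict[str, str]):
        self.profiles, self.user_to_profile = profiles, user_to_profile
        self.revoked: Set[str] = set()
        self.alerts: List[Tuple[str, str, str]] = []

    def profile_for(self, user: str) -> IntrusionDetectionProfile:
        return self.profiles[self.user_to_profile[user]]

    def is_authorized(self, user: str) -> bool:
        return user not in self.revoked

    def report_violation(self, user: str, rule: str, item: str) -> None:
        self.alerts.append((user, rule, item))
        self.revoked.add(user)            # authorization altered before result ships


class Sensor:
    """Sits in front of the data store; evaluates the result before releasing it."""

    def __init__(self, acm: AccessControlManager, store: Dict[str, Rows]):
        self.acm, self.store = acm, store
        self.history: Dict[str, History] = {}

    def handle(self, req: Request) -> Optional[Rows]:
        if not self.acm.is_authorized(req.user):
            return None                   # authorization already revoked
        rows = self.store.get(req.item, [])          # compute result, hold it back
        hist = self.history.setdefault(req.user, [])
        for rule in self.acm.profile_for(req.user).rules:
            if rule.violated(req, rows, hist):
                self.acm.report_violation(req.user, rule.name, req.item)
                return None               # result is never transmitted
        hist.append((req.item, len(rows)))           # accumulate for later checks
        return rows


# Constructed sample data store (item -> rows); values are illustrative only.
STORE: Dict[str, Rows] = {
    "hr/directory": [("alice", 1), ("bob", 2), ("carol", 3)],
    "hr/salaries": [("alice", 100), ("bob", 90)],
    "hr/benefits": [("alice", 5), ("bob", 5), ("carol", 5)],
    "hr/all-employees": [(f"emp{i}", i) for i in range(10)],
    "eng/design-doc": [("spec", 1)],
}


def run_demo() -> Dict[str, object]:
    clerk = IntrusionDetectionProfile("hr-clerk", [
        item_prefix_rule("hr/"), max_rows_rule(5), max_distinct_items_rule(2)])
    acm = AccessControlManager({"hr-clerk": clerk},
                               {"u1": "hr-clerk", "u2": "hr-clerk", "u3": "hr-clerk"})
    sensor = Sensor(acm, STORE)
    out: Dict[str, object] = {}
    out["u1_directory"] = sensor.handle(Request("u1", "hr/directory"))  # served
    out["u1_salaries"] = sensor.handle(Request("u1", "hr/salaries"))    # served, 2nd item
    out["u1_benefits"] = sensor.handle(Request("u1", "hr/benefits"))    # 3rd item: blocked
    out["u1_retry"] = sensor.handle(Request("u1", "hr/directory"))      # revoked: denied
    out["u2_eng"] = sensor.handle(Request("u2", "eng/design-doc"))      # wrong prefix: blocked
    out["u3_bulk"] = sensor.handle(Request("u3", "hr/all-employees"))   # 10 rows: blocked
    out["alerts"], out["revoked"] = list(acm.alerts), sorted(acm.revoked)
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The point to note is ordering: the sensor computes the result first and holds it, so a rule that depends on the result (row count) or on accumulated history can be applied before anything reaches the user, and a revocation takes effect on the very next request without any further rule evaluation.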