Real-time training for a computer code intrusion detection system
Abstract
Systems, methods, and computer-readable media for training a computer code intrusion detection system in real time. A method embodiment of the present invention comprises the steps of observing (22), in real time, commands (5) that are accessing the computer code (1); and deriving (23) from said commands (5), in real time, a set (6) of acceptable commands.
19 Claims
1. A computer-implemented method for training a database intrusion detection system in real time, said method comprising the steps of:
- observing, in real time, commands that are accessing the database during a training phase;
- establishing categories responsive to the observed commands;
- grouping the commands into the categories;
- performing a statistical analysis of the categories, the analysis comprising determining whether a predetermined threshold number of categories has been exceeded;
- deriving from said commands, in real time, a set of acceptable commands; and
- ending the training phase responsive to a determination that the predetermined threshold number of categories has been exceeded.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A computer-readable storage medium containing computer program instructions for training a database intrusion detection system in real time, said computer program instructions performing the steps of:
- observing, in real time, commands that are accessing the database during a training phase;
- establishing categories responsive to the observed commands;
- grouping the commands into the categories;
- performing a statistical analysis of the categories, the analysis comprising determining whether a predetermined threshold number of categories has been exceeded;
- deriving from said commands, in real time, a set of acceptable commands; and
- ending the training phase responsive to a determination that the predetermined threshold number of categories has been exceeded.
Dependent claims: 16, 17
18. A computer-readable storage medium storing computer executable program code for training a database intrusion detection system in real time, the computer-executable code comprising:
- a training module adapted for observing, in real time, commands that are accessing the database during a training phase, establishing categories responsive to the observed commands, grouping the commands into the categories, performing a statistical analysis of the categories to determine whether a predetermined threshold number of categories has been exceeded, deriving from the commands, in real time, a set of acceptable commands, and ending the training phase responsive to a determination that the predetermined threshold number has been exceeded; and
- coupled to the set of acceptable commands, a comparison module for comparing the commands that access the database during an operational phase with the commands in the set of acceptable commands.
Dependent claims: 19
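A sketch of the training module and comparison module recited in claims 1 and 18, added here as an illustration and not code from the patent. The literal-stripping `categorize` rule, the class and function names, and the sample commands are assumptions; the claims do not say how categories are established.

```python
import re

def categorize(command):
    # Assumption: a category is the command with its literals collapsed, so
    # commands that differ only in data values share one category.
    c = re.sub(r"'(?:[^']|'')*'", "?", command)  # string literals
    c = re.sub(r"\b\d+\b", "?", c)               # numeric literals
    return re.sub(r"\s+", " ", c).strip().upper()

class TrainingModule:
    def __init__(self, threshold):
        self.threshold = threshold  # predetermined threshold number of categories
        self.categories = {}        # category -> number of commands grouped into it
        self.training = True

    def observe(self, command):
        """Group one observed command; return True while training continues."""
        if self.training:
            cat = categorize(command)
            self.categories[cat] = self.categories.get(cat, 0) + 1
            # Check from the claim: has the category count exceeded the threshold?
            self.training = len(self.categories) <= self.threshold
        return self.training

    def acceptable(self):
        # Assumption: the acceptable set is the set of categories seen in training.
        return frozenset(self.categories)

class ComparisonModule:
    def __init__(self, acceptable):
        self.acceptable = acceptable

    def is_suspicious(self, command):
        # Operational phase: flag any command whose category was never learned.
        return categorize(command) not in self.acceptable

def train(stream, threshold):
    """Feed commands until training ends; return (module, commands consumed)."""
    tm, consumed = TrainingModule(threshold), 0
    for command in stream:
        consumed += 1
        if not tm.observe(command):
            break
    return tm, consumed

# Constructed sample traffic, not taken from the patent.
TRAINING_STREAM = [
    "SELECT name FROM users WHERE id = 7",
    "SELECT name FROM users WHERE id = 42",
    "UPDATE users SET last_login = '2024-01-01' WHERE id = 7",
    "INSERT INTO audit (uid, action) VALUES (7, 'login')",
    "SELECT total FROM orders WHERE uid = 7",
    "DELETE FROM sessions WHERE uid = 9",
]
```

Because training ends on category count alone, a legitimate command first seen after the cutoff (the `DELETE` in the sample stream, with a threshold of 3) is flagged in the operational phase. The threshold therefore has to reflect the real variety of commands the application issues.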
Specification