Device, system and method of database security
First Claim
Patent Images
1. A method for detecting an intrusion to a database, the method comprising:
- providing a detection profile corresponding to said database;
deriving one or more structure maps of operating memory associated with said database, said structure maps including one or more parameters defining how said database uses said operating memory;
when a transaction with said database occurs, using at least one structure map of said structure maps to retrieve information about the transaction from the memory; and
analyzing said transaction information to generate an event corresponding to a suspicious transaction based on said detection profile.
12 Assignments
0 Petitions
Accused Products
Abstract
Some demonstrative embodiments of the invention relate to a method, device and system of database security. One demonstrative embodiment of the invention includes an intrusion detection sensor to scan transactions on a database, and generate an event based on a detection profile. Other embodiments are described and claimed.
-
Citations
30 Claims
-
1. A method for detecting an intrusion to a database, the method comprising:
-
providing a detection profile corresponding to said database; deriving one or more structure maps of operating memory associated with said database, said structure maps including one or more parameters defining how said database uses said operating memory; when a transaction with said database occurs, using at least one structure map of said structure maps to retrieve information about the transaction from the memory; and analyzing said transaction information to generate an event corresponding to a suspicious transaction based on said detection profile. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A database intrusion detection sensor comprising:
-
a memory access module adapted to retrieve transaction information from an operating memory associated with the database using at least one derived memory structure map, said structure map defining one or more parameters of said operating memory; and a profile module adapted to analyze said transaction information to generate an event based on a detection profile. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A database system comprising:
-
a database host comprising a database and an operating memory associated with said database; an intrusion detection sensor installed on said database host, wherein said intrusion detection sensor is adapted to retrieve transaction information from said memory using at least one derived memory structure map and to generate an event based on a detection profile, said structure map defining one or more parameters of said memory; and a server adapted to communicate with said intrusion detection sensor. - View Dependent Claims (28, 29, 30)
-
Specification