Resource usage optimized auditing of database shared memory
First Claim
1. A non-transitory computer usable program product comprising a computer readable storage device including computer usable code for security auditing of database transactions, the computer usable code comprising:
computer usable code for forecasting, in a data processing system, for a specified period, an available capacity of a computing resource in the data processing system, the available capacity being usable to analyze a database protocol packet, wherein the database protocol packet is stored in a shared memory during a data communication;
computer usable code for determining a number of database protocol packets expected in the shared memory during the specified period using a historical record, the historical record comprising an entry of an actual number of database protocol packets stored in the shared memory during a past period;
computer usable code for receiving feedback from the computing resource indicative of actual processor capacity usage for performing protocol analysis by the computing resource;
computer usable code for determining an analysis rate for the specified period based upon the determined number of database protocol packets expected in the shared memory during the specified period and the received feedback;
computer usable code for determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource, wherein the second number of database protocol packets is determined based upon the determined analysis rate;
computer usable code for causing, during the specified period, the second number of database protocol packets to be selected from every number of database protocol packets stored in the shared memory, the selected database protocol packets being analyzed using the computing resource during the specified period;
computer usable code for performing the analysis on the selected database protocol packets to result in partially analyzed packets;
computer usable code for sending the partially analyzed packets to a security application executing using a second computing resource in a second data processing system; and
computer usable code for sending unselected database protocol packets from the every number of database protocol packets to the security application, wherein the security application performs a security audit on the partially analyzed packets using a first amount of the second computing resource in comparison to a second amount of the second computing resource, and wherein the first amount is less than the second amount, and wherein the security application performs a database protocol analysis and a security audit on the unselected database protocol packets using the second amount of the second computing resource.
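The claim above lays out one control loop: forecast the spare capacity of the local resource, estimate the coming period's packet volume from the historical record, fold in feedback on what analysis actually cost last period, derive an analysis rate and from it the "second number" of packets the local side will decode, select that many from shared memory, and forward both the partially analyzed packets and the untouched remainder to the security application, which then has a cheap path (audit only) and a full-cost path (decode, then audit). The following simulation is an added example, not code from the patent or its assignee; the packet wire format (a `Q` tag followed by SQL text), the mean-of-history forecast rule, the CPU-seconds capacity unit, the evenly spaced selection strategy, and the watch list of audited statement verbs are all constructed assumptions for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class Packet:
    """Stand-in for one database protocol packet held in shared memory.
    Wire format is constructed for this example: a one-byte b"Q" tag, then SQL text."""
    seq: int
    raw: bytes
    statement: str | None = None  # filled in once protocol analysis has run


@dataclass
class HistoricalRecord:
    """Actual packet counts observed in shared memory during past periods."""
    counts: list[int] = field(default_factory=list)


def expected_packets(history: HistoricalRecord) -> int:
    # Forecast rule assumed here: mean of the recorded past periods.
    return round(mean(history.counts)) if history.counts else 0


def analysis_rate(expected: int, available_capacity: float, measured_cost: float) -> float:
    """Fraction of the expected packets the local resource can analyze this period.

    available_capacity: forecast spare capacity for the period (constructed unit: CPU-seconds)
    measured_cost: feedback from the resource, actual CPU-seconds per packet analyzed last period
    """
    if expected <= 0:
        return 0.0
    if measured_cost <= 0:
        return 1.0  # no measured cost yet: assume everything fits
    return min(1.0, (available_capacity / measured_cost) / expected)


def analyzable_count(expected: int, rate: float) -> int:
    """The claim's 'second number': packets the local resource will take on (floored, never over capacity)."""
    return int(expected * rate)


def select_packets(shared_memory: list[Packet], n: int) -> tuple[list[Packet], list[Packet]]:
    """Pick n packets out of everything in shared memory, spread evenly across the buffer so the
    local sample is not just the first n arrivals; the rest are forwarded untouched."""
    total = len(shared_memory)
    if n >= total:
        return list(shared_memory), []
    if n <= 0:
        return [], list(shared_memory)
    stride = total / n
    chosen = {int(i * stride) for i in range(n)}
    selected = [p for i, p in enumerate(shared_memory) if i in chosen]
    unselected = [p for i, p in enumerate(shared_memory) if i not in chosen]
    return selected, unselected


def protocol_analysis(pkt: Packet) -> Packet:
    """The partial analysis step: decode the constructed wire format into a SQL statement."""
    if not pkt.raw.startswith(b"Q"):
        raise ValueError(f"packet {pkt.seq}: not a query packet")
    pkt.statement = pkt.raw[1:].decode("utf-8", errors="replace").strip()
    return pkt


# Constructed watch list for the security audit; a real policy comes from the auditor.
AUDITED_VERBS = {"DROP", "GRANT", "ALTER"}


def _audit(pkt: Packet, findings: list[int]) -> None:
    verb = (pkt.statement or "").split()
    if verb and verb[0].upper() in AUDITED_VERBS:
        findings.append(pkt.seq)


def security_application(partially_analyzed: list[Packet], unselected: list[Packet]) -> dict:
    """Second data processing system: audits pre-decoded packets directly (cheaper path) and
    runs protocol analysis itself before auditing the unselected ones (full-cost path)."""
    findings: list[int] = []
    for pkt in partially_analyzed:
        _audit(pkt, findings)
    for pkt in unselected:
        protocol_analysis(pkt)  # the work the first system did not have capacity for
        _audit(pkt, findings)
    return {"findings": findings, "packets_decoded_remotely": len(unselected)}


def run_period(shared_memory: list[Packet], history: HistoricalRecord,
               available_capacity: float, measured_cost: float) -> dict:
    """One specified period of the loop described in the claim."""
    expected = expected_packets(history)
    rate = analysis_rate(expected, available_capacity, measured_cost)
    n = analyzable_count(expected, rate)
    selected, unselected = select_packets(shared_memory, n)
    partial = [protocol_analysis(p) for p in selected]
    report = security_application(partial, unselected)
    history.counts.append(len(shared_memory))  # record the actual count for future forecasts
    return {"expected": expected, "rate": rate, "second_number": n,
            "locally_analyzed": len(partial), "forwarded_raw": len(unselected), **report}


def constructed_shared_memory() -> list[Packet]:
    """Ten constructed packets; two carry statements on the watch list."""
    stmts = ["SELECT 1", "SELECT name FROM users", "DROP TABLE audit_log",
             "GRANT ALL ON db TO app", "SELECT 2", "UPDATE t SET a=1", "SELECT 3",
             "INSERT INTO t VALUES (1)", "SELECT 4", "SELECT 5"]
    return [Packet(seq=i, raw=b"Q" + s.encode()) for i, s in enumerate(stmts)]


if __name__ == "__main__":
    history = HistoricalRecord(counts=[10, 12, 8])
    print(run_period(constructed_shared_memory(), history, available_capacity=2.0, measured_cost=0.5))
```

With a history averaging ten packets, two CPU-seconds of forecast headroom and a measured cost of half a CPU-second per packet, the rate comes out at 0.4, so four packets are decoded locally and six are forwarded raw; the audit still reaches every packet, the only difference being which system paid for the decoding. The floor in `analyzable_count` is deliberate: rounding up would commit the local resource beyond the capacity it forecast.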
Abstract
A system and computer program product for security auditing of database transactions are provided in the illustrative embodiments. For a specified period, an available capacity of a computing resource in a data processing system is forecast, the available capacity being usable to analyze a database protocol packet. The database protocol packet is stored in a shared memory during a data communication. A number of database protocol packets expected in the shared memory during the specified period is determined. A second number of database protocol packets that can be analyzed using the available capacity of the computing resource is determined. During the specified period, the second number of database protocol packets is caused to be selected from every number of database protocol packets stored in the shared memory for analysis using the computing resource during the specified period.
11 Claims
1. Independent claim 1 is reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A data processing system for security auditing of database transactions, the data processing system comprising:
a storage device, wherein the storage device stores computer usable program code; and
a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises:
computer usable code for forecasting, in a data processing system, for a specified period, an available capacity of a computing resource in the data processing system, the available capacity being usable to analyze a database protocol packet, wherein the database protocol packet is stored in a shared memory during a data communication;
computer usable code for determining a number of database protocol packets expected in the shared memory during the specified period using a historical record, the historical record comprising an entry of an actual number of database protocol packets stored in the shared memory during a past period;
computer usable code for receiving feedback from the computing resource indicative of actual processor capacity usage for performing protocol analysis by the computing resource;
computer code for determining an analysis rate for the specified period based upon the determined number of database protocol packets expected in the shared memory during the specified period and the received feedback;
computer usable code for determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource, wherein the second number of database protocol packets is determined based upon the determined analysis rate;
computer usable code for causing, during the specified period, the second number of database protocol packets to be selected from every number of database protocol packets stored in the shared memory, the selected database protocol packets being analyzed using the computing resource during the specified period;
computer usable code for performing the analysis on the selected database protocol packets to result in partially analyzed packets;
computer usable code for sending the partially analyzed packets to a security application executing using a second computing resource in a second data processing system; and
computer usable code for sending unselected database protocol packets from the every number of database protocol packets to the security application, wherein the security application performs a security audit on the partially analyzed packets using a first amount of the second computing resource in comparison to a second amount of the second computing resource, and wherein the first amount is less than the second amount, and wherein the security application performs a database protocol analysis and a security audit on the unselected database protocol packets using the second amount of the second computing resource.
10. A computer program product comprising:
a computer readable storage medium; and
computer code stored on the computer readable storage medium, with the computer code including instructions and data for causing a processor(s) set to perform at least the following operations:
intercepting, by a monitoring agent running on a first computer, intercepted audit data that was sent at an auditing engine running on a second computer;
responsive to the interception of the intercepted data, determining, by the monitoring agent, that a load on the first computer is below a predetermined threshold;
responsive to the determination that the load on the first computer is below the predetermined threshold, performing, by the monitoring agent, at least a first auditing step of a predetermined plurality of ordered auditing steps to obtain intermediate audit data; and
sending, by the monitoring agent, through a communication network and to the auditing engine, the intermediate audit data so that performance of the plurality of auditing steps consumes resources of the first computer to save load on the second computer in a contingent manner that depends upon a current load on the first computer;
and wherein the auditing engine performs a security audit on the intermediate audit data, and wherein the auditing engine further performs a database protocol analysis and a security audit on a portion of the audit data for which the first auditing step was not performed by the monitoring agent.
Dependent claims: 11.