Method for intrusion detection in a database system

US 20030101355A1
Filed: 12/28/2001
Published: 05/29/2003
Est. Priority Date: 11/23/2001
Status: Active Grant

First Claim

Patent Images

1. A method for detecting intrusion in a database managed by an access control system, comprising:

defining at least one intrusion detection profile, each including at least one item access rate;

associating each user with one of said defined profiles;

receiving a query from a user;

determining whether a result of said query exceeds any one of the item access rates defined in the profile associated with the user; and

notifying the access control system, upon determining that the result exceeds any one of the at least one item access rates defined in the associated profile, to alter user authorization, thereby making the received requested query an unauthorized request, before the result of the query is transmitted to the user.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for detecting intrusion in a database, managed by an access control system, includes defining at least one intrusion detection profile and associating each user with one of said profiles. Each profile includes at least one item access rate. Further, the method determines whether a result of a query exceeds any one of the item access rates defined in the profile associated with the user. In such a case, the access control system is notified to alter the user authorization, thereby making the received request an unauthorized request, before the result is transmitted to the user. Such a method allows for a real time prevention of intrusion by letting the intrusion detection process interact directly with the access control system, and change the user authority dynamically as a result of the detected intrusion.

90 Citations

View as Search Results

11 Claims

1. A method for detecting intrusion in a database managed by an access control system, comprising:
- defining at least one intrusion detection profile, each including at least one item access rate;
  
  associating each user with one of said defined profiles;
  
  receiving a query from a user;
  
  determining whether a result of said query exceeds any one of the item access rates defined in the profile associated with the user; and
  
  notifying the access control system, upon determining that the result exceeds any one of the at least one item access rates defined in the associated profile, to alter user authorization, thereby making the received requested query an unauthorized request, before the result of the query is transmitted to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - accumulating results from performed queries in a record; and
      
      determining whether the accumulated results exceed any one of said at least one item access rate.
  - 3. The method of claim 1, wherein items subject to item access rates are marked in the database, and wherein any query concerning said items automatically trigger the intrusion detection.
  - 4. The method of claim 3, wherein the step of determining whether an item access rate is exceeded includes determining if the query result includes rows from marked items, and proceeding with the intrusion detection process only upon determining that the item access rate is exceeded.
  - 5. The method of claim 1, wherein one of said at least one item access rates defines the number of rows a user may access from a database item at one time.
  - 6. The method of claim 1, wherein one of said at least on item access rates defines the number of rows a group of users may access from a database item at one time.
  - 7. The method of claim 1, wherein one of said at least on item access rates defines the number of rows that may be accessed from a database item over a period of time.
  - 8. The method of claim 1, wherein one of said at least on item access rates defines the number of rows a group of users may access from a database item over a period of time.
  - 9. The method of claim 1, wherein the intrusion detection policy further includes at least one inference pattern, the method further comprising:
    - accumulating results from performed queries in a record;
      
      comparing said record with at least one of said inference patterns, in order to determine whether a combination of accesses in said record match said inference policy; and
      
      notifying the access control system, upon determining that a combination of accesses in the record match said inference policy, to alter the user authorization, thereby making the received request an unauthorized request, before said result is transmitted to the user.
  - 10. The method of claim 2, wherein items subject to item access rates are marked in the database, and wherein any query concerning said items automatically trigger the intrusion detection.
  - 11. The method of claim 10, wherein the step of determining whether an item access rate is exceeded includes determining if the query result includes rows from marked items, and proceeding with the intrusion detection process only upon determining that the item access rate is exceeded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf

Granted Patent

US 7,120,933 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

Method for intrusion detection in a database system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method for intrusion detection in a database system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links