Method for intrusion detection in a database system
First Claim
1. A method for detecting intrusion in a database managed by an access control system, comprising:
- defining at least one intrusion detection profile, each including at least one item access rate;
associating each user with one of said defined profiles;
receiving a query from a user;
determining whether a result of said query exceeds any one of the item access rates defined in the profile associated with the user; and
notifying the access control system, upon determining that the result exceeds any one of the at least one item access rates defined in the associated profile, to alter user authorization, thereby making the received requested query an unauthorized request, before the result of the query is transmitted to the user.
4 Assignments
0 Petitions
Accused Products
Abstract
A method for detecting intrusion in a database, managed by an access control system, includes defining at least one intrusion detection profile and associating each user with one of said profiles. Each profile includes at least one item access rate. Further, the method determines whether a result of a query exceeds any one of the item access rates defined in the profile associated with the user. In such a case, the access control system is notified to alter the user authorization, thereby making the received request an unauthorized request, before the result is transmitted to the user. Such a method allows for a real time prevention of intrusion by letting the intrusion detection process interact directly with the access control system, and change the user authority dynamically as a result of the detected intrusion.
90 Citations
11 Claims
-
1. A method for detecting intrusion in a database managed by an access control system, comprising:
-
defining at least one intrusion detection profile, each including at least one item access rate;
associating each user with one of said defined profiles;
receiving a query from a user;
determining whether a result of said query exceeds any one of the item access rates defined in the profile associated with the user; and
notifying the access control system, upon determining that the result exceeds any one of the at least one item access rates defined in the associated profile, to alter user authorization, thereby making the received requested query an unauthorized request, before the result of the query is transmitted to the user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
Specification