Detection of misuse or abuse of data by authorized access to database

US 20050086529A1
Filed: 10/21/2003
Published: 04/21/2005
Est. Priority Date: 10/21/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user, comprising:

a) constructing a user and/or terminal profile representing a pattern of database'"'"'s accesses;

b) monitoring user and/or terminal database access;

c) comparing the monitored database access'"'"' information with existing profile to determine anomalies and/or irregularities; and

d) identifying a potential misuse and/or abuse when an anomaly is detected.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system for detecting misuse and/or abuse of data related to database done by a user with authorized access to a data system and its database. User behavior is monitored as to its nature of database access, analyzed to create, and compare to, a specific profile. No understanding for the meaning of data content is needed. Each deviation from normal pattern, stored in the profile, is checked in various parameters and ranked, reporting to a system owner.

130 Citations

9 Claims

1. A method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user, comprising:
- a) constructing a user and/or terminal profile representing a pattern of database'"'"'s accesses;
  
  b) monitoring user and/or terminal database access;
  
  c) comparing the monitored database access'"'"' information with existing profile to determine anomalies and/or irregularities; and
  
  d) identifying a potential misuse and/or abuse when an anomaly is detected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user according to claim 1, further comprising:
    - a) comparing the anomalies to the user and/or terminal profile'"'"'s parameters and grade it accordingly;
      
      b) reporting a potential misuse and/or abuse when the grade exceeds a predetermined threshold; and
      
      c) update profile according to comparison results and/or system owner instructions.
  - 3. The method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user according to claim 2, further comprising:
    - a) constructing a profile for a group of users and/or terminals, representing a pattern of database'"'"'s accesses related to that group;
      
      b) comparing database access'"'"' parameters of a specific user and/or terminal with existing related group profile to determine anomalies and/or irregularities.
  - 4. The method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user according to claim 1-3, wherein a) there is no need to understand and/or analyze the context of the actual data been manipulated and/or processed by a user;
    - and b) the characteristics of each database access do not need to be predefined.
  - 5. The method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user according to claim 1-3, wherein the parameters of a profile are:
    - a) commonly used statistics terms and/or any mathematical model and/or other figure or term, representing behavior and/or occurrence over any timeframe; and
      
      b) combine, part or all of;
      
      user identification, terminal and/or port identification, key characteristics of a database access, time stamp of the access.
  - 6. The method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user according to claim 1-3, wherein the parameters and/or the depth of a profile are flexible and subject to a system owner'"'"'s decisions with respect to time frames and levels of database segments.
  - 7. The method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user according to claim 1-3, wherein the related operations are executed in real-time, near real-time and/or on-line with the occurrence of database access, or off-line, batch mode and/or long after the actual access to database has been occurred.
  - 8. The method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user according to claim 1-3, wherein the machines, servers and/or any related hardware of the data gathering system are singular or plural, distributed geographically and/or logically, and where database is singular or plural, distributed geographically and/or logically.
  - 9. The method for identifying a misuse and/or abuse of authorized access to a database of a data gathering system by a user according to claim 1-3, wherein a) the system owner can indicate specific segment/s within a database to be more sensitive than others and/or with predefined weight, for each desired segment, to be calculated accordingly in grading a warning or alarm;
    - and/or b) the system owner can indicate specific user/s and/or terminal/s to be monitored and referenced with more sensitivity than others and/or with predefined weight, for each desired user or terminal, to be calculated accordingly in grading a warning or alarm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Insight Solutions Ltd.
Original Assignee
Insight Solutions Ltd.
Inventors
Buchsbaum, Yair

Application Number

US10/689,113
Publication Number

US 20050086529A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

Detection of misuse or abuse of data by authorized access to database

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

130 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of misuse or abuse of data by authorized access to database

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links