Method for intrusion detection in a database system

DC CAFC

US 7,305,707 B2
Filed: 08/25/2006
Issued: 12/04/2007
Est. Priority Date: 11/23/2001
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for detecting intrusion in a database, comprising:

defining at least one intrusion detection policy for the database;

associating each user with one of the defined policies;

receiving a database query from a user;

determining if the results of the query violate the intrusion detection policy; and

altering the user'"'"'s authorization if the intrusion detection policy has been violated.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method for detecting intrusion in a database, managed by an access control system, includes defining at least one intrusion detection profile and associating each user with one of said profiles. Each profile includes at least one item access rate. Further, the method determines whether a result of a query exceeds any one of the item access rates defined in the profile associated with the user. In such a case, the access control system is notified to alter the user authorization, thereby making the received request an unauthorized request, before the result is transmitted to the user. Such a method allows for a real time prevention of intrusion by letting the intrusion detection process interact directly with the access control system, and change the user authority dynamically as a result of the detected intrusion.

64 Citations

View as Search Results

22 Claims

1. A method for detecting intrusion in a database, comprising:
- defining at least one intrusion detection policy for the database;
  
  associating each user with one of the defined policies;
  
  receiving a database query from a user;
  
  determining if the results of the query violate the intrusion detection policy; and
  
  altering the user'"'"'s authorization if the intrusion detection policy has been violated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the at least one intrusion detection policy includes a set of item access rates.
  - 3. The method of claim 2, wherein at least one of the item access rates includes a definition of a number of rows that may be accessed in a predetermined period of time.
  - 4. The method of claim 2, wherein at least one of the item access rates includes a definition of a number of rows that a group of users may access at one time.
  - 5. The method of claim 2, wherein at least one of the item access rates includes a definition of a number of rows that a user may access over a period of time.
  - 6. The method of claim 2, wherein at least one of the item access rates includes a definition of a number of rows that a group of users may access over a period of time.
  - 7. The method of claim 2, wherein at least one of the item access rates includes a definition of a number of rows that a user may access at one time.
  - 8. The method of claim 2, wherein the at least one intrusion detection policy further includes at least one inference pattern.
  - 9. The method of claim 1, further comprising:
    - accumulating results from performed database queries in a record;
      
      determining if the accumulated results violate the intrusion detection policy; and
      
      altering the user'"'"'s authorization if the intrusion detection policy has been violated.
  - 10. The method of claim 1, wherein the intrusion detection policy further includes at least one inference pattern.
  - 11. The method of claim 10, further comprising:
    - accumulating results from performed database queries in a record;
      
      determining if the record matches the at least one inference pattern;
      
      altering the user'"'"'s authorization if the record matches the at least one inference pattern.

12. A method for detecting intrusion in a database for a plurality of users, comprising:
- defining more than one intrusion detection policy for the database;
  
  associating each user with one of the defined intrusion detection policies;
  
  receiving a database query from a first user;
  
  determining if a result of the database query violates the intrusion detection policy associated with the first user; and
  
  altering the first user'"'"'s authorization if the intrusion detection policy associated with the first user has been violated.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein each intrusion detection policy includes a set of item access rates.
  - 14. The method of claim 13, wherein at least one of the item access rates includes a definition of a number of rows that may be accessed in a predetermined period of time.
  - 15. The method of claim 13, wherein at least one of the item access rates includes a definition of a number of rows that the first user may access at one time.
  - 16. The method of claim 13, wherein at least one of the item access rates includes a definition of a number of rows that a group of more than one of the users may access at one time.
  - 17. The method of claim 13, wherein at least one of the item access rates includes a definition of a number of rows that the first user may access over a period of time.
  - 18. The method of claim 13, wherein at least one of the item access rates includes a definition of a number of rows that a group of more than one of the users may access over a period of time.
  - 19. The method of claim 13, wherein each intrusion detection policy further includes at least one inference pattern.
  - 20. The method of claim 12, further comprising the steps of:
    - accumulating in a result record, at least one result of the database query from the first user;
      
      determining if the result record violates the intrusion detection policy associated with the first user; and
      
      altering the first user'"'"'s authorization if the intrusion detection policy associated with the first user has been violated.
  - 21. The method of claim 12, wherein each intrusion detection policy further includes at least one inference pattern.
  - 22. The method of claim 21, further comprising to step of:
    - determining if the result record matches the at least one inference pattern;
      
      altering the first user'"'"'s authorization if the result record matches the at least one inference pattern.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf
Primary Examiner(s)
Smithers; Matthew
Assistant Examiner(s)
Fields; Courtney D

Application Number

US11/510,185
Publication Number

US 20070101425A1
Time in Patent Office

466 Days
Field of Search

726/22, 713/187, 713/193
US Class Current

726/22
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

Method for intrusion detection in a database system

First Claim

1 Assignment

Litigations

0 Petitions

Accused Products

Abstract

64 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method for intrusion detection in a database system

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links