Method for intrusion detection in a database system
DC CAFCFirst Claim
1. A method for detecting intrusion in a database, comprising:
- defining at least one intrusion detection policy for the database;
associating each user with one of the defined policies;
receiving a database query from a user;
determining if the results of the query violate the intrusion detection policy; and
altering the user'"'"'s authorization if the intrusion detection policy has been violated.
1 Assignment
Litigations
0 Petitions
Accused Products
Abstract
A method for detecting intrusion in a database, managed by an access control system, includes defining at least one intrusion detection profile and associating each user with one of said profiles. Each profile includes at least one item access rate. Further, the method determines whether a result of a query exceeds any one of the item access rates defined in the profile associated with the user. In such a case, the access control system is notified to alter the user authorization, thereby making the received request an unauthorized request, before the result is transmitted to the user. Such a method allows for a real time prevention of intrusion by letting the intrusion detection process interact directly with the access control system, and change the user authority dynamically as a result of the detected intrusion.
64 Citations
22 Claims
-
1. A method for detecting intrusion in a database, comprising:
-
defining at least one intrusion detection policy for the database; associating each user with one of the defined policies; receiving a database query from a user; determining if the results of the query violate the intrusion detection policy; and altering the user'"'"'s authorization if the intrusion detection policy has been violated. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for detecting intrusion in a database for a plurality of users, comprising:
-
defining more than one intrusion detection policy for the database; associating each user with one of the defined intrusion detection policies; receiving a database query from a first user; determining if a result of the database query violates the intrusion detection policy associated with the first user; and altering the first user'"'"'s authorization if the intrusion detection policy associated with the first user has been violated. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification