Determining origins of queries for a database intrusion detection system
US7558796B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | May 19, 2005 |
| Grant date | Jul 7, 2009 |
| Priority date | — |
| Expiry date | Jul 16, 2026 |
Classification
- Technology area (CPC Y): Emerging Cross-Sectional Technologies
- CPC primary: Y10S707/99936
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A database intrusion detection system (DIDS) monitors database queries to detect anomalous queries that might be symptomatic of a code injection attack on the database. A proxy server intercepts HTTP messages from clients that contain query data used to generate database queries. The proxy server extracts the query data from a message and determines origin data describing the origin of the message, such as the IP address of the client that sent the message. The proxy server stores the query and origin data in a cache. Upon detecting an anomalous query, the DIDS extracts a portion of the query, such as the literals. The DIDS searches the cache to identify entries having query data that match the extracted portions of the query. The DIDS reports the origin data of the matching cache entries.
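The correlation step the abstract describes can be sketched as follows; this is an added example, not code from the patent. The names `OriginCache`, `extract_literals` and `find_origins`, the TTL, and the matching rule (a literal equals a cached value, or is at least three characters long and contained in it) are assumptions, since the abstract does not specify them; the sample addresses and queries are constructed.

```python
import re
import time
from collections import deque

# Quoted strings (with '' as an escaped quote) or bare numbers.
LITERAL_RE = re.compile(r"'((?:[^']|'')*)'|\b(\d+(?:\.\d+)?)\b")

def extract_literals(sql):
    """Return the string and numeric literals of a SQL statement, in order."""
    out = []
    for m in LITERAL_RE.finditer(sql):
        s = m.group(1)
        out.append(s.replace("''", "'") if s is not None else m.group(2))
    return out

class OriginCache:
    """What the proxy records per HTTP message: query data plus origin data."""
    def __init__(self, ttl_seconds=300):  # TTL is an assumed retention window
        self.ttl = ttl_seconds
        self.entries = deque()  # (timestamp, origin_ip, {param: value})

    def record(self, origin_ip, params, now=None):
        ts = now if now is not None else time.time()
        self.entries.append((ts, origin_ip, dict(params)))

    def find_origins(self, anomalous_sql, now=None, min_len=3):
        """Report origins whose cached query data matches the query's literals."""
        now = now if now is not None else time.time()
        while self.entries and now - self.entries[0][0] > self.ttl:
            self.entries.popleft()  # drop messages older than the TTL
        literals = set(extract_literals(anomalous_sql))
        hits = []
        for ts, ip, params in self.entries:
            matched = sorted(
                lit for lit in literals
                if any(lit == v or (len(lit) >= min_len and lit in v)
                       for v in params.values()))
            if matched:
                hits.append({"origin": ip, "time": ts, "matched": matched})
        return sorted(hits, key=lambda h: -len(h["matched"]))

def demo():
    cache = OriginCache()
    # Constructed HTTP query data from two clients (documentation IP ranges).
    cache.record("198.51.100.7", {"name": "bob"}, now=1000)
    cache.record("203.0.113.9", {"name": "alice' OR 'a'='a"}, now=1010)
    # Constructed query flagged as anomalous by the DIDS.
    sql = "SELECT * FROM users WHERE name = 'alice' OR 'a'='a'"
    return cache.find_origins(sql, now=1020)
```

The minimum-length guard keeps short literals such as `a` or `1` from matching unrelated cache entries; a benign request that submitted `alice` would still be reported alongside the injecting one, so the result is a candidate list of origins rather than a single attribution.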
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.