Patents by Inventor Peter Maniatis
Peter Maniatis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11632380
Abstract: Embodiments are disclosed for a method for identifying large database transactions. The method includes generating a token marker sequence of a database transaction. The token marker sequence includes multiple token markers. The token markers include a token of the database transaction and a position corresponding to the token. The method further includes sorting the token markers based on a probability that the token occurs in a stream of database transactions. Additionally, the method includes reducing a size of the token marker sequence based on a predetermined threshold.
Type: Grant
Filed: March 17, 2020
Date of Patent: April 18, 2023
Assignee: International Business Machines Corporation
Inventors: Leonid Rodniansky, Peter Maniatis, Tania Butovsky, Dmitri Dodor
-
Patent number: 11562090
Abstract: A security system that monitors requests to a protected resource is configured to determine that a syntactically-invalid language statement in a request is one that should be treated as a “security high risk” statement (SHRS) because it has a probability of containing sensitive data. A machine language that defines the structure and syntax of the language statements used by a client-server application may have multiple SHRSs. SHRSs are identified in advance by syntactical analysis of the language statements that comprise the machine language. The security system stores (or can otherwise obtain) a representation of each of the set of these high risk statements. In response to detecting that a request has a syntactically-invalid language statement, the system determines whether the invalid language statement has a measure of similarity sufficiently close to any of statement in the SHRS set. Upon a positive determination, an appropriate security action is taken to ensure sensitive data is not exposed.
Type: Grant
Filed: May 28, 2019
Date of Patent: January 24, 2023
Assignee: International Business Machines Corporation
Inventors: Dmitri Dodor, Peter A. Maniatis, Leonid Rodniansky
-
Patent number: 11481508
Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies that the request from the client by marking the at least one sensitive data access as sensitive thereby forming a modified request. The security system agent sends the modified request to the security system thereby causing the security system to process the modified request without access the sensitive data associated with the at least one marked sensitive data access.
Type: Grant
Filed: December 15, 2020
Date of Patent: October 25, 2022
Assignee: International Business Machines Corporation
Inventors: Tania Butovsky, Leonid Rodniansky, Mikhail Shpak, Richard Ory Jerrell, Peter Maniatis, Shidong Shan
-
Patent number: 11444923
Abstract: A database protection system (DPS) detects anomalies in real time without reliance on discrete security rules, instead relying on a machine learning-based approach. In particular, a Bayesian machine learning model is trained on a set of database protocol metadata (DPM) that the system collects during its runtime operation. Typically, a set of DPM parameters is protocol-specific. The approach herein presumes that DPM parameters are not independent, and that their conditional dependencies (as observed from the database connections) can be leveraged for anomaly detection. To that end, the machine learning model is trained to detect dominant (repeating) patterns of connection DPM parameters. Once trained, the model is then instantiated in the DPS and used to facilitate anomaly detection by identifying connections that do not conform to these patterns, i.e. that represent unusual connection DPM parameters.
Type: Grant
Filed: July 29, 2020
Date of Patent: September 13, 2022
Assignee: International Business Machines Corporation
Inventors: Leonid Rodniansky, Shay Harel, Tania Butovsky, Peter Maniatis
-
Publication number: 20220188437
Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies that the request from the client by marking the at least one sensitive data access as sensitive thereby forming a modified request. The security system agent sends the modified request to the security system thereby causing the security system to process the modified request without access the sensitive data associated with the at least one marked sensitive data access.
Type: Application
Filed: December 15, 2020
Publication date: June 16, 2022
Inventors: Tania Butovsky, Leonid Rodniansky, Mikhail Shpak, Richard Ory Jerrell, Peter Maniatis, Shidong Shan
-
Publication number: 20220038428
Abstract: A database protection system (DPS) detects anomalies in real time without reliance on discrete security rules, instead relying on a machine learning-based approach. In particular, a Bayesian machine learning model is trained on a set of database protocol metadata (DPM) that the system collects during its runtime operation. Typically, a set of DPM parameters is protocol-specific. The approach herein presumes that DPM parameters are not independent, and that their conditional dependencies (as observed from the database connections) can be leveraged for anomaly detection. To that end, the machine learning model is trained to detect dominant (repeating) patterns of connection DPM parameters. Once trained, the model is then instantiated in the DPS and used to facilitate anomaly detection by identifying connections that do not conform to these patterns, i.e. that represent unusual connection DPM parameters.
Type: Application
Filed: July 29, 2020
Publication date: February 3, 2022
Applicant: International Business Machines Corporation
Inventors: Leonid Rodniansky, Shay Harel, Tania Butovsky, Peter Maniatis
-
Publication number: 20210297426
Abstract: Embodiments are disclosed for a method for identifying large database transactions. The method includes generating a token marker sequence of a database transaction. The token marker sequence includes multiple token markers. The token markers include a token of the database transaction and a position corresponding to the token. The method further includes sorting the token markers based on a probability that the token occurs in a stream of database transactions. Additionally, the method includes reducing a size of the token marker sequence based on a predetermined threshold.
Type: Application
Filed: March 17, 2020
Publication date: September 23, 2021
Inventors: Leonid Rodniansky, Peter Maniatis, Tania Butovsky, Dmitri Dodor
-
Publication number: 20200380146
Abstract: A security system that monitors requests to a protected resource is configured to determine that a syntactically-invalid language statement in a request is one that should be treated as a “security high risk” statement (SHRS) because it has a probability of containing sensitive data. A machine language that defines the structure and syntax of the language statements used by a client-server application may have multiple SHRSs. SHRSs are identified in advance by syntactical analysis of the language statements that comprise the machine language. The security system stores (or can otherwise obtain) a representation of each of the set of these high risk statements. In response to detecting that a request has a syntactically-invalid language statement, the system determines whether the invalid language statement has a measure of similarity sufficiently close to any of statement in the SHRS set. Upon a positive determination, an appropriate security action is taken to ensure sensitive data is not exposed.
Type: Application
Filed: May 28, 2019
Publication date: December 3, 2020
Applicant: International Business Machines Corporation
Inventors: Dmitri Dodor, Peter A. Maniatis, Leonid Rodniansky