Abstract: A method for detecting an unauthorized action in a database, the method comprising estimating correlation between a predicted result of an intercepted database statement and at least one context parameter associated with the database statement, wherein lack of correlation indicates the database statement being associated with an unauthorized action.
Abstract: Some demonstrative embodiments of the invention relate to a method, device and system of database security. One demonstrative embodiment of the invention includes an intrusion detection sensor to scan transactions on a database, and generate an event based on a detection profile. Other embodiments are described and claimed.