Abstract: Embodiments are disclosed for a method for identifying large database transactions. The method includes generating a token marker sequence of a database transaction. The token marker sequence includes multiple token markers. The token markers include a token of the database transaction and a position corresponding to the token. The method further includes sorting the token markers based on a probability that the token occurs in a stream of database transactions. Additionally, the method includes reducing a size of the token marker sequence based on a predetermined threshold.

Abstract: A security system that monitors requests to a protected resource is configured to determine that a syntactically-invalid language statement in a request is one that should be treated as a “security high risk” statement (SHRS) because it has a probability of containing sensitive data. A machine language that defines the structure and syntax of the language statements used by a client-server application may have multiple SHRSs. SHRSs are identified in advance by syntactical analysis of the language statements that comprise the machine language. The security system stores (or can otherwise obtain) a representation of each of the set of these high risk statements. In response to detecting that a request has a syntactically-invalid language statement, the system determines whether the invalid language statement has a measure of similarity sufficiently close to any of statement in the SHRS set. Upon a positive determination, an appropriate security action is taken to ensure sensitive data is not exposed.

Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.

Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.

Abstract: Embodiments are disclosed for a method for identifying large database transactions. The method includes generating a token marker sequence of a database transaction. The token marker sequence includes multiple token markers. The token markers include a token of the database transaction and a position corresponding to the token. The method further includes sorting the token markers based on a probability that the token occurs in a stream of database transactions. Additionally, the method includes reducing a size of the token marker sequence based on a predetermined threshold.

Abstract: A security system that monitors requests to a protected resource is configured to determine that a syntactically-invalid language statement in a request is one that should be treated as a “security high risk” statement (SHRS) because it has a probability of containing sensitive data. A machine language that defines the structure and syntax of the language statements used by a client-server application may have multiple SHRSs. SHRSs are identified in advance by syntactical analysis of the language statements that comprise the machine language. The security system stores (or can otherwise obtain) a representation of each of the set of these high risk statements. In response to detecting that a request has a syntactically-invalid language statement, the system determines whether the invalid language statement has a measure of similarity sufficiently close to any of statement in the SHRS set. Upon a positive determination, an appropriate security action is taken to ensure sensitive data is not exposed.

Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.

Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.