Abstract: Embodiments are disclosed for a method for identifying large database transactions. The method includes generating a token marker sequence of a database transaction. The token marker sequence includes multiple token markers. The token markers include a token of the database transaction and a position corresponding to the token. The method further includes sorting the token markers based on a probability that the token occurs in a stream of database transactions. Additionally, the method includes reducing a size of the token marker sequence based on a predetermined threshold.

Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies that the request from the client by marking the at least one sensitive data access as sensitive thereby forming a modified request. The security system agent sends the modified request to the security system thereby causing the security system to process the modified request without access the sensitive data associated with the at least one marked sensitive data access.

Abstract: A database protection system (DPS) detects anomalies in real time without reliance on discrete security rules, instead relying on a machine learning-based approach. In particular, a Bayesian machine learning model is trained on a set of database protocol metadata (DPM) that the system collects during its runtime operation. Typically, a set of DPM parameters is protocol-specific. The approach herein presumes that DPM parameters are not independent, and that their conditional dependencies (as observed from the database connections) can be leveraged for anomaly detection. To that end, the machine learning model is trained to detect dominant (repeating) patterns of connection DPM parameters. Once trained, the model is then instantiated in the DPS and used to facilitate anomaly detection by identifying connections that do not conform to these patterns, i.e. that represent unusual connection DPM parameters.

Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies that the request from the client by marking the at least one sensitive data access as sensitive thereby forming a modified request. The security system agent sends the modified request to the security system thereby causing the security system to process the modified request without access the sensitive data associated with the at least one marked sensitive data access.

Abstract: A database protection system (DPS) detects anomalies in real time without reliance on discrete security rules, instead relying on a machine learning-based approach. In particular, a Bayesian machine learning model is trained on a set of database protocol metadata (DPM) that the system collects during its runtime operation. Typically, a set of DPM parameters is protocol-specific. The approach herein presumes that DPM parameters are not independent, and that their conditional dependencies (as observed from the database connections) can be leveraged for anomaly detection. To that end, the machine learning model is trained to detect dominant (repeating) patterns of connection DPM parameters. Once trained, the model is then instantiated in the DPS and used to facilitate anomaly detection by identifying connections that do not conform to these patterns, i.e. that represent unusual connection DPM parameters.

Abstract: Embodiments are disclosed for a method for identifying large database transactions. The method includes generating a token marker sequence of a database transaction. The token marker sequence includes multiple token markers. The token markers include a token of the database transaction and a position corresponding to the token. The method further includes sorting the token markers based on a probability that the token occurs in a stream of database transactions. Additionally, the method includes reducing a size of the token marker sequence based on a predetermined threshold.