Imperva has filed a patent for a method to detect anomalous accesses to a system. The method involves analyzing historical commands submitted by a system user to generate a technical maturity profile, and then determining if an access by the user is anomalous by comparing the technical maturity attributes of the command to the user’s profile.
According to GlobalData’s company profile on Imperva, network traffic analysis was a key innovation area identified from its patents. Imperva's grant share as of June 2023 was 1%. Grant share is the ratio of the number of grants to the total number of patents.
Method to detect anomalous accesses based on user's historical commands
A recently filed patent (Publication Number: US20230153404A1) describes a method for detecting anomalous accesses to a system using historical command analysis. The method involves generating a technical maturity profile of a system user by analyzing their past commands submitted to the system. The technical maturity attributes of a command submitted by the user to perform an access are then determined and compared to the technical maturity profile to determine if the access is anomalous.
If an access is deemed anomalous, the method further includes generating an alert. The technical maturity profile of the system user is generated based on predefined attribute types that indicate technical maturity. In the case of a database system and user, these attribute types include the number of clauses used in a database command, the number of sub-commands submitted as a batch, the use of variables, the presence of syntactically unnecessary parentheses, aliasing, and the use of a more verbose construct when a functionally equivalent less verbose construct is available.
Additional attribute types include the use of outer joins, keywords unique to a particular database platform, the number of errors generated by a command, the occurrence of syntax errors or misspellings, commands related to system tables, schema changes, and the creation of index or lookup tables. The technical maturity profile may also include attributes related to the form in which commands are written.
The technical maturity profile of the system user can be part of a system access profile that includes information about the machines and clients used by the user, as well as the time of day when the user accesses the system. The profile is periodically updated by analyzing additional historical commands submitted by the user.
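The profile-and-compare idea described above, as an added sketch that is not taken from the patent or from Imperva: it scores a few of the listed attribute types for SQL commands and flags attributes that deviate from a user's history. The regexes, the z-score comparison, the threshold and floor values, and the sample commands are all assumptions constructed for illustration.

```python
import re
from statistics import mean, pstdev

# Simplified extractors for a subset of the attribute types listed above.
# The regexes are illustrative assumptions, not a real SQL parser.
CLAUSES = re.compile(r"\b(select|from|where|group by|having|order by|join|union)\b", re.I)
FEATURES = {
    "clauses": lambda s: len(CLAUSES.findall(s)),
    "batch_size": lambda s: len([p for p in s.split(";") if p.strip()]),
    "variables": lambda s: len(re.findall(r"(?<!@)@\w+", s)),
    "outer_joins": lambda s: len(re.findall(r"\b(left|right|full)\s+(outer\s+)?join\b", s, re.I)),
    "system_tables": lambda s: len(re.findall(r"\b(information_schema|pg_catalog|sys)\.", s, re.I)),
    "schema_changes": lambda s: len(re.findall(r"\b(create|alter|drop)\s+(table|index)\b", s, re.I)),
}

def attributes(command):
    return {name: fn(command) for name, fn in FEATURES.items()}

def build_profile(history):
    # Per-attribute (mean, population std dev) over the user's past commands.
    rows = [attributes(c) for c in history]
    return {k: (mean(r[k] for r in rows), pstdev(r[k] for r in rows)) for k in FEATURES}

def anomalous_attributes(profile, command, threshold=3.0, floor=0.25):
    """Return {attribute: z-score} for attributes more than `threshold` sigmas
    from the profile; `floor` avoids dividing by zero for constant history."""
    flagged = {}
    for name, value in attributes(command).items():
        mu, sigma = profile[name]
        z = (value - mu) / max(sigma, floor)
        if abs(z) > threshold:
            flagged[name] = round(z, 2)
    return flagged

# Constructed sample data: one user's history, then two new commands.
HISTORY = [
    "SELECT name FROM customers WHERE id = 17",
    "SELECT * FROM orders WHERE customer_id = 17",
    "SELECT total FROM orders WHERE id = 204",
    "SELECT name, email FROM customers WHERE id = 31",
    "SELECT name FROM customers WHERE id = 3 ORDER BY name",
]
TYPICAL = "SELECT email FROM customers WHERE id = 44"
UNUSUAL = ("DECLARE @t INT; SELECT c.name FROM customers c LEFT OUTER JOIN orders o "
           "ON c.id = o.customer_id; SELECT table_name FROM information_schema.tables")
PROFILE = build_profile(HISTORY)

if __name__ == "__main__":
    for cmd in (TYPICAL, UNUSUAL):
        print(anomalous_attributes(PROFILE, cmd) or "consistent with profile")
```

A flagged attribute here would correspond to the alert step; a production detector would need enough history per user for the deviations to be meaningful.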
The patent also describes a non-transitory machine-readable storage medium that provides instructions for performing the method and a computing device configured to detect anomalous accesses to a system. The computing device includes one or more processors and a storage medium with the necessary instructions.
In summary, the patent presents a method for detecting anomalous accesses to a system by analyzing historical commands and comparing them to a technical maturity profile. This approach allows for the identification of potentially suspicious activities and the generation of alerts. The method is particularly applicable to database systems and users, with predefined attribute types indicating technical maturity.