International Business Machines Corporation
Security system with adaptive parsing

Abstract:

A security system protecting a monitored system (e.g., a database server) is configured to self-update (extend) a statement/command parser grammar, dynamically. To accomplish this, the security system uses the monitored system itself as a syntax validator (on the parser's behalf), and without requiring any changes or modifications to the monitored server. In one embodiment, the security system comprises a protocol analyzer and the parser. The protocol analyzer extracts a statement/command from a received request and passes it to the parser. If no parser syntax error is found, the statement/command is validated against a security policy. If a parser syntax error occurs, however, the system examines a response from the monitored system to determine whether the parser syntax error is a "false positive." If so, the parser then self-extends its own grammar automatically to correct for the parser syntax error. Once its grammar is updated, the parser is then able to process the original request.