Patent
Insider threat detection
TLDR
In this article, the authors present methods, systems, and computer program products for insider threat detection by monitoring the network to detect network activity associated with a set of network protocols and processing the detected activity to generate information-use events.
Abstract:
Methods, systems, and computer program products for insider threat detection are provided. Embodiments detect insiders who act on documents and/or files to which they have access but whose activity is inappropriate or uncharacteristic of them based on their identity, past activity, and/or organizational context. Embodiments work by monitoring the network to detect network activity associated with a set of network protocols; processing the detected activity to generate information-use events; generating contextual information associated with users of the network; and processing the information-use events based on the generated contextual information to generate alerts and threat scores for users of the network. Embodiments provide several information-misuse detectors that are used to examine generated information-use events in view of collected contextual information to detect volumetric anomalies, suspicious and/or evasive behavior. Embodiments provide a user threat ranking system and a user interface to examine user threat scores and analyze user activity.
Citations
Patent
A method for detecting anomaly action within a computer network
TL;DR: In this article, a method and system for detecting anomalous action within a computer network are provided; the method starts with collecting raw data from at least one probe sensor that is associated with a router, a switch or at least one server that is part of the computer network.
Patent
Methods, systems, and media for detecting covert malware
Brian M. Bowen, Pratap Prabhu, Vasileios P. Kemerlis, Stylianos Sidiroglou, Salvatore J. Stolfo, Angelos D. Keromytis
TL;DR: In this article, a method for detecting covert malware in a computing environment is provided, the method comprising: generating simulated user activity outside of the computing environment; conveying the simulated user activity to an application inside the environment; and determining whether a decoy corresponding to the simulated user activity has been accessed by an unauthorized entity.
Patent
Methods, systems, and media for baiting inside attackers
Salvatore J. Stolfo, Angelos D. Keromytis, Brian M. Bowen, Shlomo Hershkop, Vasileios P. Kemerlis, Pratap Prabhu, Malek Ben Salem
TL;DR: In this article, a trap-based defense is proposed, the method comprising generating decoy information based at least in part on actual information in a computing environment, embedding a beacon into the decoy information, and inserting the decoy information with the embedded beacon into the computing environment.
Patent
Controlling the spread of interests and content in a content centric network
TL;DR: In this paper, the authors present a system for controlling the spread of interests and content in a content centric network (CCN), which maintains a routing policy for content data and receives a packet associated with a piece of content or an interest for the content.
Patent
Adaptive multi-interface use for content networking
TL;DR: In this article, a hierarchical structured variable-length identifier (HSVLI) is used to indicate a piece of content and indicate a hierarchical structure of contiguous components ordered from a most general level to a most specific level.
References
Patent
Active network defense system and method
TL;DR: In this paper, an active network defense system is provided that is operable to monitor and block traffic in an automated fashion; it is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure.
Patent
Network-based alert management
Phillip Porras, Martin Fong
TL;DR: In this paper, a method of managing alerts in a network is presented, including receiving alerts from network sensors, consolidating the alerts that are indicative of a common incident, and generating output reflecting the consolidated alerts.
Patent
End user risk management
Jason Lieblich, Dustin Norman
TL;DR: A flexible, efficient and easy-to-use computer security management system effectively evaluates and responds to informational risks on a wide variety of computing platforms and in a rapidly changing network environment as discussed by the authors.
Patent
Adaptive behavioral intrusion detection systems and methods
TL;DR: In this article, an intrusion detection system is proposed in which detection is performed over a period of time, looking for behavioral patterns within networks or information systems and generating alerts when these patterns change.
Patent
Methods, systems and computer program products for monitoring user behavior for a server application
David Motsinger, David Logan, Kenneth Gramley, Garth Somerville, Albert Choy, Douglas Hester, Virgil Wall, Byron Hargett
TL;DR: In this article, methods, systems, and computer program products are disclosed for monitoring user behavior for a server application in a computer network, including applying one or more detectors to the communication data to identify a variety of predetermined activity.