Detection of compromised devices via user states

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Moshe Israel · Ramat Gan, IL
• Royi Ronen · Nes Ziona, IL
• Daniel Alon · Even Yehuda, IL
• Tomer Teller · Nes Ziona, IL
• Hanan Shteingart · Herzliya, IL

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.