Detecting presence of a subject string in a target string and security event qualification based on prior behavior by an end user of a computer system

Assignee

• Next IT Corporation · US

Inventors

• Samuel Cameron Fleming · Spokane, US
• Richard T. Weeks · Spokane, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F16/9535
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A software-based security agent that hooks into the operating system of a computer device in order to continuously audit the behavior and conduct of the end user of the computer device. The detected actions of the end user can be stored in a queue or log file that can be continuously monitored to detect patterns of behavior that may constitute a policy violation and/or security risk. When a pattern of behavior that may constitute a policy violation and/or security risk is detected, an event may be triggered. A frequency vector string matching algorithm also is disclosed. The frequency vector string matching algorithm may be used to detect the presence or partial presence of subject strings within a target string of alphanumeric characters. The frequency vector string matching algorithm could be used to detect typos in stored computer records or to search for records based on partial information. In addition, the frequency vector string matching algorithm could be used to search communications for sensitive information that has been manipulated, obscured, or partially elided. In addition, an anomaly analysis is disclosed for comparing behavior patterns of one user against the behavi…