Methods for user profiling for detecting insider threats based on internet search patterns and forensics of search keywords
US8375452B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Dec 25, 2008 |
| Grant date | Feb 12, 2013 |
| Priority date | — |
| Expiry date | Jun 2, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/552
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Disclosed are methods for user profiling for detecting insider threats including the steps of: upon a client application sending a request for a link, extracting at least one search keyword from a search session associated with the request; classifying the link into at least one classification; determining whether at least one classification is a monitored classification; capturing search elements of search sessions associated with the monitored classification; acquiring usage data from the search elements to create a user profile associated with a user's search behavior; and performing a statistical analysis, on a search frequency for the monitored classification, on user profiles associated with many users. Preferably, the method includes: designating a profile as suspicious based on the statistical analysis exceeding a pre-determined threshold value, wherein the pre-determined threshold value is based on an expected search frequency for the profile and each respective grade for at least one risk-assessment dimension.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.