Insider threat detection
US8707431B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 24, 2007 |
| Grant date | Apr 22, 2014 |
| Priority date | — |
| Expiry date | Sep 24, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1416
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Methods, systems, and computer program products for insider threat detection are provided. Embodiments detect insiders who act on documents and/or files to which they have access but whose activity is inappropriate or uncharacteristic of them based on their identity, past activity, and/or organizational context. Embodiments work by monitoring the network to detect network activity associated with a set of network protocols; processing the detected activity to generate information-use events; generating contextual information associated with users of the network; and processing the information-use events based on the generated contextual information to generate alerts and threat scores for users of the network. Embodiments provide several information-misuse detectors that are used to examine generated information-use events in view of collected contextual information to detect volumetric anomalies, suspicious and/or evasive behavior. Embodiments provide a user threat ranking system and a user interface to examine user threat scores and analyze user activity.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.