Patent · US Active

Enterprise information asset protection through insider attack specification, monitoring and mitigation

US8880893B2 · kind B2 · utility

17Cited by

25References

17Claims

0Family size

Assignee

IBM INTERNATIONAL GROUP BV · NL

Inventors

Pratyush Moghe · Stow, US
Narain H. Gehani · Summit, US
Peter Smith · Mansfield, US

Key dates

Filing date	Sep 24, 2004
Grant date	Nov 4, 2014
Priority date	—
Expiry date	Mar 31, 2028

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/2115
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

The present invention provides a policy specification framework to enable an enterprise to specify a given insider attack using a holistic view of a given data access, as well as the means to specify and implement one or more intrusion mitigation methods in response to the detection of such an attack. The policy specification provides for the use of “anomaly” and “signature” attributes that capture sophisticated behavioral characteristics of illegitimate data access. When the attack occurs, a previously-defined administrator (or system-defined) mitigation response (e.g., verification, disconnect, de-provision, or the like) is then implemented.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.