Patent · US Active

Systems and methods for anomaly-based detection of compromised IT administration accounts

US9485271B1 · kind B1 · utility

Cited by: 14
References: 2
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 11, 2014
Grant date: Nov 1, 2016
Priority date
Expiry date: Apr 2, 2034

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1441
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A computer-implemented method for anomaly-based detection of compromised information technology (IT) administration accounts may include (1) establishing a set of permissible IT administration tasks for an IT administration account, (2) monitoring the IT administration account for activities outside the set of permissible IT administration tasks, (3) detecting a suspicious activity by identifying an activity that is outside the set of permissible IT administration tasks and therefore indicative of the IT administration account being compromised, and (4) in response to detecting the suspicious activity, performing a security action with respect to the potentially compromised IT administration account. Various other methods, systems, and computer-readable media are also disclosed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.