Method and system for anonymizing activity records
First Claim
1. A method for detecting cyber-threats to a company from activity records logged by the company's computing devices while protecting sensitive company information, the method comprising:
receiving, by an activity monitoring engine, an activity record that documents user activities on a computing device;
generating, by the activity monitoring engine, an anonymization dictionary, wherein generating the anonymization dictionary comprises:
using a statistical method or an artificial intelligence method to detect, in the activity record, a plurality of target entities to be anonymized;
making a determination that a resource is associated with a set of target entities of the plurality of target entities; and
after making the determination:
assigning an anonymized identity to the set of target entities; and
generating an anonymized identifier for each target entity in the set of target entities to obtain a plurality of anonymized identifiers each including the anonymized identity;
replacing, by the activity monitoring engine, the plurality of target entities in the activity record with their anonymized identifiers from the anonymization dictionary to obtain an anonymized activity record;
storing, by the activity monitoring engine, the anonymized activity record; and
analyzing, by the activity monitoring engine, the anonymized activity record to detect cyber-threats to the company or sharing, by the activity monitoring engine, the anonymized activity record with a third-party system to detect cyber-threats to the company.
Abstract
A method for processing activity records. The method includes obtaining an activity record, and generating an anonymization dictionary. Generating the anonymization dictionary includes detecting, in the activity record, a set of target entities to be anonymized, making a determination that a resource is associated with a subset of the target entities of the set of target entities, and after making the determination, assigning an anonymized identity to the subset of target entities, and generating an anonymization identifier for each target entity in the subset of target entities to obtain a set of anonymization identifiers, each including the anonymized identity. The method further includes processing the activity record using the anonymization dictionary to obtain an anonymized activity record and storing the anonymized activity record.
17 Claims
1. The independent claim reproduced in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 16, 17
11. A method for detecting cyber-threats to a company from activity records logged by the company's computing devices while protecting sensitive company information, the method comprising:
obtaining, by an activity monitoring engine, an activity record including metadata that documents user activities on a computing device;
generating, by the activity monitoring engine, an anonymization dictionary, wherein generating the anonymization dictionary comprises:
using a statistical method or an artificial intelligence method to detect, in the activity record, a plurality of target entities to be anonymized;
assigning an anonymized identity to each unique target entity of the plurality of target entities; and
generating dictionary entries for the plurality of target entities, wherein each dictionary entry comprises a target entity and a corresponding anonymized identifier comprising the anonymized identity for the target entity;
generating, by the activity monitoring engine, an equivalence map, wherein generating the equivalence map comprises:
making a determination that a resource is associated with a set of target entities of the plurality of target entities; and
storing, in the equivalence map, an identity relationship specifying that anonymized identities corresponding to the set of target entities are associated with the resource;
replacing, by the activity monitoring engine, the plurality of target entities in the activity record with their anonymized identifiers from the anonymization dictionary to obtain an anonymized activity record;
storing, by the activity monitoring engine, the anonymized activity record; and
analyzing, by the activity monitoring engine, the anonymized activity record to detect cyber-threats to the company or sharing, by the activity monitoring engine, the anonymized activity record with a third-party system to detect cyber-threats to the company.
Dependent claims: 12, 13, 14, 15
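The two independent claims record the resource relationship in different places: claim 1 gives every target entity of one resource the same anonymized identity, while claim 11 gives each entity its own identity and stores the link in an equivalence map. The Python below is an added example, not code from the patent; the regex detector stands in for the claimed statistical or AI method, and the sample record, the `RESOURCE_OF` mapping and the `kind-NNNN` identifier format are constructed assumptions.

```python
import re
from itertools import count

# Stand-in detector: the claims call for a statistical or AI method; fixed
# regexes are used here only to keep the example self-contained.
PATTERNS = {
    "email": re.compile(r"\b[\w.]+@[\w.-]+\.\w+\b"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "user": re.compile(r"(?<=user=)\w+"),
}

# Constructed sample activity record and assumed entity-to-resource mapping.
RECORD = "2024-01-01T10:00:00Z login user=jdoe src=10.0.0.5 mail=jdoe@corp.example"
RESOURCE_OF = {"jdoe": "account-A", "jdoe@corp.example": "account-A"}

def detect(record):
    """Return {entity_text: entity_type} for every target entity found."""
    found = {}
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(record):
            found.setdefault(m.group(), kind)
    return found

def build(entities, resource_of, shared):
    """shared=True: entities of one resource share an identity (claim 1).
    shared=False: one identity per entity plus an equivalence map (claim 11)."""
    ids, by_key = count(1), {}
    dictionary, equivalence = {}, {}
    for text, kind in sorted(entities.items()):
        resource = resource_of.get(text)
        key = ("res", resource) if (shared and resource) else ("ent", text)
        if key not in by_key:
            by_key[key] = f"{next(ids):04d}"
        dictionary[text] = f"{kind}-{by_key[key]}"  # identifier embeds identity
        if not shared and resource:
            equivalence.setdefault(resource, set()).add(by_key[key])
    return dictionary, equivalence

def anonymize(record, dictionary):
    """Replace every target entity, longest match first, so 'jdoe' inside
    'jdoe@corp.example' is not rewritten on its own."""
    if not dictionary:
        return record
    alts = sorted(dictionary, key=len, reverse=True)
    rx = re.compile("|".join(re.escape(a) for a in alts))
    return rx.sub(lambda m: dictionary[m.group()], record)
```

With `shared=True` the anonymized record itself shows that `user-0002` and `email-0002` belong to one resource; with `shared=False` that link exists only in the equivalence map.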
Specification