System and method for facilitating data leakage and/or propagation tracking
First Claim
1. A system for facilitating data leakage and/or propagation tracking on a network, comprising:
- a computer system one or more processors programmed to execute computer program instructions that, when executed, cause the computer system to;
obtain a set of hashes that are associated with files of a user system, and a reference set of hashes that are associated with files of a reference system;
determine an additional subset of hashes included in the set of hashes and not included in the reference set of hashes based on a comparison between the set of hashes and the reference set of hashes;
predict that a file is exclusive for one or more users or exclusive for one or more user systems, the file being associated with a hash included in the additional subset of hashes;
scan one or more other user systems to determine what files are on the other user systems, wherein each of the other user systems is assigned to one or more other users or is not one of the user systems; and
generate an alert indicating unauthorized activity, wherein the alert is generated responsive to the scan indicating that the other user systems contain the file predicted to be exclusive for the users or exclusive for the user systems.
3 Assignments
0 Petitions
Accused Products
Abstract
In some embodiments, a set of hashes that are associated with files of a user system, and a reference set of hashes that are associated with files of a reference system, may be obtained. An additional subset of hashes (included in the set of hashes and not included in the reference set of hashes) may be obtained based on a comparison between the set of hashes and the reference set of hashes. A file may be predicted to be exclusive for certain users or user systems, where the file is associated with a hash included in the additional subset of hashes. Other user systems may be scanned to determine what files are on the other user systems, where each of the other user systems is assigned to another user or is not one of the user systems. An alert indicating unauthorized activity may be generated based on the scan.
130 Citations
20 Claims
-
1. A system for facilitating data leakage and/or propagation tracking on a network, comprising:
a computer system one or more processors programmed to execute computer program instructions that, when executed, cause the computer system to; obtain a set of hashes that are associated with files of a user system, and a reference set of hashes that are associated with files of a reference system; determine an additional subset of hashes included in the set of hashes and not included in the reference set of hashes based on a comparison between the set of hashes and the reference set of hashes; predict that a file is exclusive for one or more users or exclusive for one or more user systems, the file being associated with a hash included in the additional subset of hashes; scan one or more other user systems to determine what files are on the other user systems, wherein each of the other user systems is assigned to one or more other users or is not one of the user systems; and generate an alert indicating unauthorized activity, wherein the alert is generated responsive to the scan indicating that the other user systems contain the file predicted to be exclusive for the users or exclusive for the user systems. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
11. A method for facilitating data leakage and/or propagation tracking on a network, the method being implemented on a computer system that includes one or more processors executing computer program instructions that, when executed, perform the method, the method comprising:
-
obtaining a set of hashes that are associated with files of a user system, and a reference set of hashes that are associated with files of a reference system; determining an additional subset of hashes included in the set of hashes and not included in the reference set of hashes based on a comparison between the set of hashes and the reference set of hashes; predicting that a file is exclusive for one or more users or exclusive for one or more user systems, the file being associated with a hash included in the additional subset of hashes; scanning one or more other user systems to determine what files are on the other user systems, wherein each of the other user systems is assigned to one or more other users or is not one of the user systems; and generating an alert indicating unauthorized activity, wherein the alert is generated responsive to the scan indicating that the other user systems contain the file predicted to be exclusive for the users or exclusive for the user systems. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory, computer-readable media storing machine-readable instructions that, when executed, by a data processing apparatus cause the data processing apparatus to perform operations comprising:
-
obtaining a set of hashes that are associated with files of a user system, and a reference set of hashes that are associated with files of a reference system; determining an additional subset of hashes included in the set of hashes and not included in the reference set of hashes based on a comparison between the set of hashes and the reference set of hashes; predicting that a file is exclusive for one or more users or exclusive for one or more user systems, the file being associated with a hash included in the additional subset of hashes; scanning one or more other user systems to determine what files are on the other user systems, wherein each of the other user systems is assigned to one or more other users or is not one of the user systems; and generating an alert indicating unauthorized activity, wherein the alert is generated responsive to the scan indicating that the other user systems contain the file predicted to be exclusive for the users or exclusive for the user systems. - View Dependent Claims (20)
-
Specification