Method and apparatus to detect unauthorized information disclosure via content anomaly detection

  • US 20050091532A1
  • Filed: 02/17/2004
  • Published: 04/28/2005
  • Est. Priority Date: 02/25/2003
  • Status: Active Grant
First Claim

1. Method for content-level monitoring, auditing, trending, and detection of anomalies in access to information, said information including electronic data on computers, said method comprising the steps of:

  • a) Capturing of packets on the network
  • b) Filtering packets to detect meaningful packets representing information content
  • c) Decoding packets based on semantics of the application or protocol
  • d) Analyzing packets to map message information contained in the packet into a quantitative representation
  • e) Deriving a content signature from the quantitative representation
  • f) Storing the content, along with the signature and attributes into a database
  • g) Mining the content database to derive prototypical model of content, users, and time
  • h) Detecting anomalies by finding strong deviations from the prototypical model
  • i) Processing anomalies to minimize false alarms and increase the precision of anomalies

  • 11 Assignments