Anomaly detection
First Claim
Patent Images
1. A method comprising:
- monitoring access requests;
building intrusion profiles from the access requests;
storing the intrusion profiles on a trusted platform;
detecting application acts;
comparing the application acts to said intrusion profiles; and
based on the comparing of the application acts, performing a security action.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for improving application security in computing devices. The method comprises monitoring access requests between application and resources, building intrusion profiles based on monitoring observations, storing said profiles in a data repository, detecting application acts when applications are used, comparing acts to said profiles and based on comparison result performing a security action. Furthermore, suitable hardware and software implementations are disclosed.
44 Citations
21 Claims
-
1. A method comprising:
-
monitoring access requests; building intrusion profiles from the access requests; storing the intrusion profiles on a trusted platform; detecting application acts; comparing the application acts to said intrusion profiles; and based on the comparing of the application acts, performing a security action. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus, comprising:
-
a processor configured to execute program code; a memory in communication with the processor configured to store intrusion profile data; and an anomaly detection component configured to detect deviating access requests and to perform a security action in response to the detecting. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. An apparatus comprising:
-
executing means for executing program code; storing means for storing intrusion profile data in communication with the execution means; and detection means for anomaly detection in communication with the executing means, which is configured to detect deviating access requests and to perform a security action in response to a detecting. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A computer program embodied on a computer-readable medium comprising program code means configured to control a computing device to perform following:
-
monitoring access requests; building intrusion profiles based upon the monitored access requests; storing the intrusion profiles; detecting application acts; comparing the detected application acts to said intrusion profiles; and based on comparison result, performing a security action. - View Dependent Claims (19, 20, 21)
-
Specification