Anomaly detection

US 20080022404A1
Filed: 10/10/2006
Published: 01/24/2008
Est. Priority Date: 07/07/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

monitoring access requests;

building intrusion profiles from the access requests;

storing the intrusion profiles on a trusted platform;

detecting application acts;

comparing the application acts to said intrusion profiles; and

based on the comparing of the application acts, performing a security action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for improving application security in computing devices. The method comprises monitoring access requests between application and resources, building intrusion profiles based on monitoring observations, storing said profiles in a data repository, detecting application acts when applications are used, comparing acts to said profiles and based on comparison result performing a security action. Furthermore, suitable hardware and software implementations are disclosed.

44 Citations

View as Search Results

21 Claims

1. A method comprising:
- monitoring access requests;
  
  building intrusion profiles from the access requests;
  
  storing the intrusion profiles on a trusted platform;
  
  detecting application acts;
  
  comparing the application acts to said intrusion profiles; and
  
  based on the comparing of the application acts, performing a security action.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein performing the security action comprises sending a message to an administrator.
  - 3. The method according to claim 2, wherein the message is further sent to a user.
  - 4. The method according to claim 1, wherein performing the security action comprises performing a denial of request.
  - 5. The method according to claim 2, the method further comprising requesting a response to said message.

6. An apparatus, comprising:
- a processor configured to execute program code;
  
  a memory in communication with the processor configured to store intrusion profile data; and
  
  an anomaly detection component configured to detect deviating access requests and to perform a security action in response to the detecting.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The apparatus according to claim 6, wherein the anomaly detection component comprises a software module.
  - 8. The apparatus according to claim 6, wherein the anomaly detection component comprises a hardware component.
  - 9. The apparatus according to claim 6, wherein the security action comprises a message.
  - 10. The apparatus according to claim 6, wherein the security action of the anomaly detection component further comprises a denial of request.
  - 11. The apparatus according to claim 6, wherein the apparatus further comprises an external communication connection for accessing external resources.

12. An apparatus comprising:
- executing means for executing program code;
  
  storing means for storing intrusion profile data in communication with the execution means; and
  
  detection means for anomaly detection in communication with the executing means, which is configured to detect deviating access requests and to perform a security action in response to a detecting.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus according to claim 12, wherein the detection means is implemented as a software module.
  - 14. The apparatus according to claim 12, wherein the detection means comprising a hardware component.
  - 15. The apparatus according to claim 12, wherein the security action of the detection means comprises an alarm.
  - 16. The apparatus according to claim 12, wherein the security action comprises a denial of request.
  - 17. The apparatus according to claim 12, wherein the apparatus further comprises an external communication connection for accessing external resources.

18. A computer program embodied on a computer-readable medium comprising program code means configured to control a computing device to perform following:
- monitoring access requests;
  
  building intrusion profiles based upon the monitored access requests;
  
  storing the intrusion profiles;
  
  detecting application acts;
  
  comparing the detected application acts to said intrusion profiles; and
  
  based on comparison result, performing a security action.
- View Dependent Claims (19, 20, 21)
- - 19. The computer program according to claim 18, wherein the performing the security action comprises raising an alarm, which alarm is sent to the administrator.
  - 20. The computer program according to claim 19, wherein the alarm is further sent to the user.
  - 21. The computer program according to claim 18, wherein the security action comprises a denial of the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Miettinen, Markus, Holtmanns, Silke

Application Number

US11/544,592
Publication Number

US 20080022404A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

Anomaly detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Anomaly detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others