System And Method For Detecting Behavior Anomaly In Information Access
First Claim
1. A system for detecting anomalous behavior in information access, comprising:
a network interface unit for receiving data packets containing an information access request;
a memory for storing a database containing historical behavior information, the historical behavior information being implemented through a plurality of bitmap tables and counters, the content of each counter being derived from the bitmap tables, each counter having a threshold; and
a controller for analyzing the information access request and modeling the information access request into a plurality of basic elements, wherein the controller compares the information access request with the plurality of bitmap tables and counters and issues an alert if the information access request exceeds the threshold in at least one counter.
Abstract
The present invention provides a system and method for identifying anomalies in information requests. The information requests are modeled into a plurality of basic elements, and associations among the basic elements are tracked. The association of one information request is compared with a plurality of bitmap tables and counters representing baseline information derived from historical behavior information. If the association of this information request differs from the baseline information, an alert is issued.
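As an added illustration (not code from the patent), the following Python sketch walks the flow described in the abstract and in claim 7: parse a request into basic elements, compare their associations with baseline bitmap tables, update a counter on each mismatch, and alert when a counter exceeds its threshold. The request format, the choice of user, operation and object as basic elements, the pairwise bitmap layout, the reading of each counter as the number of bits newly set in a bitmap row, and the threshold values are all assumptions.

```python
# Added illustration; element names, request format and thresholds are assumptions.
PAIRS = (("user", "operation"), ("user", "object"))

def parse(request):
    """Model a request line 'user operation object' as basic elements."""
    user, operation, obj = request.split()
    return {"user": user, "operation": operation, "object": obj}

class BitmapTable:
    """One row per left element; each row is an int used as a bit vector."""
    def __init__(self):
        self.cols = {}  # right element -> bit position
        self.rows = {}  # left element -> bit row
    def test_and_set(self, left, right):
        bit = 1 << self.cols.setdefault(right, len(self.cols))
        seen = bool(self.rows.get(left, 0) & bit)
        self.rows[left] = self.rows.get(left, 0) | bit
        return seen

class Detector:
    def __init__(self, thresholds):
        self.tables = {pair: BitmapTable() for pair in PAIRS}
        self.thresholds = thresholds  # one threshold per counter family
        self.counters = {}            # (pair, left value) -> bits newly set
    def learn(self, request):
        """Record a historical request in the baseline bitmaps."""
        e = parse(request)
        for pair in PAIRS:
            self.tables[pair].test_and_set(e[pair[0]], e[pair[1]])
    def check(self, request):
        """Compare a live request with the baseline; return alert strings."""
        e, alerts = parse(request), []
        for pair in PAIRS:
            left, right = e[pair[0]], e[pair[1]]
            if self.tables[pair].test_and_set(left, right):
                continue  # association already present in the bitmap
            key = (pair, left)  # setting the bit above counts a repeat only once
            self.counters[key] = self.counters.get(key, 0) + 1
            if self.counters[key] > self.thresholds[pair]:
                alerts.append(f"{left}: {self.counters[key]} unseen {pair[1]} associations")
        return alerts

def run_demo():
    det = Detector({PAIRS[0]: 0, PAIRS[1]: 2})
    for line in ("alice SELECT orders", "alice SELECT customers", "bob UPDATE orders"):
        det.learn(line)  # constructed baseline traffic
    live = ("alice SELECT orders", "alice SELECT payroll", "alice SELECT salaries",
            "alice SELECT hr_reviews", "alice SELECT payroll", "bob DELETE orders")
    return [det.check(line) for line in live]  # constructed live traffic
```

In the demo, a single never-seen operation alerts immediately (threshold 0), while a user reaching new objects only alerts on the third distinct object (threshold 2).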
20 Claims
7. A method for detecting anomalous information access, comprising the steps of:
receiving by a network interface unit data packets containing an information access request;
parsing by a controller contents of the information access request into a plurality of basic elements;
comparing by the controller each basic element of the information access request with a bitmap table representing a historical behavior information stored in a database;
modifying a counter according to a comparison result; and
issuing an alert if the counter exceeds a threshold set for the counter.
12. A method for detecting anomalous information access, comprising the steps of:
receiving an information access request at a network interface;
disassembling the information access request into a plurality of basic elements;
comparing each basic element with at least one bitmap table and at least one counter stored in a memory; and
if an anomaly is detected through the comparing step, issuing an alert.
20. A computer-readable medium on which is stored a computer program for assigning system resources to connections associated with an originating server and a destination server in a communication network, the computer program comprising computer instructions that when executed by a computing device performs the steps for:
receiving by a network interface unit data packets containing an information access request;
Specification