×

SYSTEMS AND METHODS FOR DETECTING MALICIOUS INSIDERS USING EVENT MODELS

  • US 20130019309A1
  • Filed: 07/12/2011
  • Published: 01/17/2013
  • Est. Priority Date: 07/12/2011
  • Status: Abandoned Application
First Claim
Patent Images

1. A method for detecting a covert mission, the method comprising:

  • providing an event model that models the covert mission, wherein the event model includes a plurality of ordered tasks;

    observing, using a first processor, an occurrence of a first task of the plurality of ordered tasks;

    in response to observing the occurrence of the first task, determining, using a second processor, that a second task of the plurality of ordered tasks occurred before the occurrence of the first task, wherein the second task precedes the first task in the event model;

    determining if there is a causal relationship between the occurrence of the first task and the occurrence of the second task; and

    determining that a covert mission exists based at least in part on the causal relationship.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×