METHODS AND SYSTEMS FOR DETECTING SUSPECTED DATA LEAKAGE USING TRAFFIC SAMPLES

US 20130298254A1
Filed: 10/26/2010
Published: 11/07/2013
Est. Priority Date: 10/26/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method of detecting suspected data leakage in a network including a plurality of networked devices, the method comprising:

receiving a packet from a networked device of the plurality of networked devices;

determining the packet includes sampled traffic data, the sampled traffic data comprising a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet constituting network traffic;

analyzing the payload data of the sampled traffic data;

determining, by a data loss detector, whether sensitive data is detected in the payload data of the sampled traffic data based on the analysis; and

performing a remedial action in response to determining that sensitive data is detected.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for detecting suspected data leakage in a network that includes a plurality of networked devices is described herein. A packet is received from a networked device of the plurality of networked devices. It is determined that the packet includes sampled traffic data. The sampled traffic data includes a sample of a packet constituting network traffic through the networked device, and the sample includes payload data from the packet constituting network traffic. The payload data of the sampled traffic data is analyzed. It is determined whether sensitive data is detected in the payload data of the sampled traffic data.

25 Citations

View as Search Results

15 Claims

1. A method of detecting suspected data leakage in a network including a plurality of networked devices, the method comprising:
- receiving a packet from a networked device of the plurality of networked devices;
  
  determining the packet includes sampled traffic data, the sampled traffic data comprising a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet constituting network traffic;
  
  analyzing the payload data of the sampled traffic data;
  
  determining, by a data loss detector, whether sensitive data is detected in the payload data of the sampled traffic data based on the analysis; and
  
  performing a remedial action in response to determining that sensitive data is detected.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein analyzing the payload data comprises:
    - determining whether a credit card number or credit card track data is detected in the payload data; and
      
      determining whether a number comprising a social security candidate is detected in the payload data.
  - 3. The method of claim 2, wherein analyzing the payload data further comprises:
    - validating the number as a social security number where a social security candidate is detected;
      
      determining sensitive data is detected where the validation is successful; and
      
      determining sensitive data is not detected where the validation is unsuccessful.
  - 4. The method of claim 1, wherein the remedial action comprises generating an alert.
  - 5. The method of claim 1, further comprising logging the detection of sensitive data in an event table.

6. A method of detecting suspected data leakage in a network including a plurality of networked devices, the method comprising:
- accessing validation data provided by an entity authorized to issue social security numbers;
  
  updating, by a data loss detector, a list of valid social security codes based on the validation data;
  
  receiving a packet from a networked device of the plurality of networked devices;
  
  determining the packet includes sampled traffic data, the sampled traffic data comprising a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet constituting network traffic;
  
  determining whether a number comprising a social security candidate is detected in the payload data;
  
  validating a plurality of digits of the number based on the list of valid social security codes; and
  
  determining sensitive data is detected where the plurality of digits is validated.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising performing a remedial action in response to determining that sensitive data is detected.
  - 8. The method of claim 7, wherein the remedial action comprises generating an alert.
  - 9. The method of claim 6, further comprising logging the detection of sensitive data in an event table.
  - 10. The method of claim 6, wherein the plurality of digits are comprised of an area number, a group number, and a serial number.

11. A system for detecting suspected data leakage in a network including a plurality of networked devices, the system comprising:
- a data collector configured to receive a sampled traffic datagram from a sampling agent of a networked device of the plurality of networked devices, the sampled traffic datagram comprising a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet; and
  
  a data loss detector coupled to the data collector, the data loss detector configured to decode the sampled traffic datagram, analyze the payload data of the sampled traffic datagram, and determine whether sensitive data is detected in the payload data of the sampled traffic datagram.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the data collector is further configured to perform a remedial action in response to determining sensitive data is detected.
  - 13. The system of claim 12, wherein the remedial action comprises generating an alert.
  - 14. The system of claim 11, wherein the data collector is further configured to log a detection of sensitive data in an event table.
  - 15. The system of claim 11, wherein the data loss detector is configured to analyze the payload data by:
    - determining whether a credit card number or credit card track data is detected in the payload data; and
      
      determining whether a number comprising a social security candidate is detected in the payload data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Koornstra, Reinoud Jelmer Jeroen, Thomas Hall, Matthew Richard

Application Number

US13/876,574
Publication Number

US 20130298254A1
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 43/028   by filtering

H04L 63/0245   Filtering by information in...

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

METHODS AND SYSTEMS FOR DETECTING SUSPECTED DATA LEAKAGE USING TRAFFIC SAMPLES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR DETECTING SUSPECTED DATA LEAKAGE USING TRAFFIC SAMPLES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links