Detecting Behavioral Patterns and Anomalies Using Activity Data
First Claim
1. A method of managing information of a system comprising:
providing a plurality of information management rules;
providing an activity database;
gathering activity data from a first target in the activity database;
gathering activity data from a second target in the activity database;
associating at least a first rule of the information management rules to the first target;
evaluating the data stored in the activity database according to a detection algorithm, wherein the detection algorithm detects at least one of;
a first condition comprising the first target has attempted to access a unit of information more than X1 times in a Y1 time period;
a second condition comprising the first target has attempted to access more than X2 units of information in a Y2 time period;
or a third condition comprising the first target has an aggregated usage time in a program above a time value X3 in a Y3 time period;
based on the detection algorithm, determining at least one of the first, second, or third conditions has occurred, and then associating a second rule to the first target; and
for the first target, controlling usage of information based on the at least first rule of information management rules and the second rule.
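An added illustration of the three threshold conditions in claim 1, evaluated over a trailing time window and followed by the association of a second rule. This is not code from the patent or its assignee; the record layout, the threshold values and the rule names ("allow-read", "deny-copy") are assumptions made for the example.

```python
from collections import Counter, namedtuple

# Constructed record shape (assumption): ts in seconds; kind is "access" for an
# access attempt or "usage" for time spent in a program (item = unit or program).
Event = namedtuple("Event", "ts target kind item seconds", defaults=(0,))

# Hypothetical thresholds standing in for the claim's X1/Y1, X2/Y2, X3/Y3.
LIMITS = {"x1": 3, "y1": 60, "x2": 4, "y2": 300, "x3": 3600, "y3": 86400}

def window(events, target, kind, now, period):
    """Events of one kind for one target inside the trailing window (now-period, now]."""
    return [e for e in events
            if e.target == target and e.kind == kind and now - period < e.ts <= now]

def detect(events, target, now, lim=LIMITS):
    """Return the set of claim conditions (1, 2, 3) that hold for target at time now."""
    hit = set()
    per_unit = Counter(e.item for e in window(events, target, "access", now, lim["y1"]))
    if any(n > lim["x1"] for n in per_unit.values()):
        hit.add(1)  # one unit accessed more than X1 times in Y1
    units = {e.item for e in window(events, target, "access", now, lim["y2"])}
    if len(units) > lim["x2"]:
        hit.add(2)  # more than X2 distinct units accessed in Y2
    per_prog = Counter()
    for e in window(events, target, "usage", now, lim["y3"]):
        per_prog[e.item] += e.seconds
    if any(s > lim["x3"] for s in per_prog.values()):
        hit.add(3)  # aggregated time in one program above X3 in Y3
    return hit

def evaluate(events, rules, now, second_rule="deny-copy"):
    """Associate second_rule (hypothetical name) with each target that tripped a condition."""
    for target in {e.target for e in events}:
        if detect(events, target, now):
            rules.setdefault(target, []).append(second_rule)
    return rules

# Constructed sample: alice opens one file 4 times within a minute; bob opens it once.
SAMPLE = [Event(t, "alice", "access", "payroll.xls") for t in (100, 110, 120, 130)]
SAMPLE += [Event(125, "bob", "access", "payroll.xls"),
           Event(90, "bob", "usage", "editor.exe", 1200)]

if __name__ == "__main__":
    print(evaluate(SAMPLE, {"alice": ["allow-read"], "bob": ["allow-read"]}, now=130))
```

The second target's activity sits in the same event list but is evaluated separately, so only the target that crossed a threshold receives the second rule.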
Abstract
Activity data is analyzed or evaluated to detect behavioral patterns and anomalies. When a particular pattern or anomaly is detected, a system may send a notification or perform a particular task. This activity data may be collected in an information management system, which may be policy based. Notification may be by way of e-mail, report, pop-up message, or system message. Some tasks to perform upon detection may include implementing a policy in the information management system, disallowing a user from connecting to the system, and restricting a user from being allowed to perform certain actions. To detect a pattern, activity data may be compared to a previously defined or generated activity profile.
2 Claims
2. A method of managing information of a system comprising:
providing a plurality of information management rules;
providing an activity database;
gathering activity data from a first target in the activity database;
gathering activity data from a second target in the activity database;
associating at least a first rule of the information management rules to the first target;
evaluating the data stored in the activity database according to a detection algorithm;
based on the detection algorithm, associating a second rule to the first target; and
for the first target, controlling usage of information based on the at least first rule of information management rules and the second rule.
Specification