Detecting Behavioral Patterns and Anomalies Using Activity Data
First Claim
Patent Images
1. A method of managing information of a system comprising:
- providing a plurality of information management rules;
providing an activity database;
gathering activity data from a first target in the activity database;
gathering activity data from a second target in the activity database;
associating at least a first rule of the information management rules to the first target;
evaluating the data stored in the activity database according to a detection algorithm, wherein the detection algorithm detects at least one of;
a first condition comprising the first target has attempted to access a unit of information more than X1 times in a Y1 time period;
a second condition comprising the first target has attempted to access more than X2 units of information in a Y2 time period;
ora third condition comprising the first target has an aggregated usage time in a program above a time value X3 in a Y3 time period;
based on the detection algorithm, determining at least one of the first, second, or third conditions has occurred, and then associating a second rule to the first target; and
for the first target, controlling usage of information based on the at least first rule of information management rules and the second rule.
1 Assignment
0 Petitions
Accused Products
Abstract
Activity data is analyzed or evaluated to detect behavioral patterns and anomalies. When a particular pattern or anomaly is detected, a system may send a notification or perform a particular task. This activity data may be collected in an information management system, which may be policy based. Notification may be by way e-mail, report, pop-up message, or system message. Some tasks to perform upon detection may include implementing a policy in the information management system, disallowing a user from connecting to the system, and restricting a user from being allowed to perform certain actions. To detect a pattern, activity data may be compared to a previously defined or generated activity profile.
-
Citations
2 Claims
-
1. A method of managing information of a system comprising:
-
providing a plurality of information management rules; providing an activity database; gathering activity data from a first target in the activity database; gathering activity data from a second target in the activity database; associating at least a first rule of the information management rules to the first target; evaluating the data stored in the activity database according to a detection algorithm, wherein the detection algorithm detects at least one of; a first condition comprising the first target has attempted to access a unit of information more than X1 times in a Y1 time period; a second condition comprising the first target has attempted to access more than X2 units of information in a Y2 time period;
ora third condition comprising the first target has an aggregated usage time in a program above a time value X3 in a Y3 time period; based on the detection algorithm, determining at least one of the first, second, or third conditions has occurred, and then associating a second rule to the first target; and for the first target, controlling usage of information based on the at least first rule of information management rules and the second rule.
-
-
2. A method of managing information of a system comprising:
-
providing a plurality of information management rules; providing an activity database; gathering activity data from a first target in the activity database; gathering activity data from a second target in the activity database; associating at least a first rule of the information management rules to the first target; evaluating the data stored in the activity database according to a detection algorithm; based on the detection algorithm, associating a second rule to the first target; and for the first target, controlling usage of information based on the at least first rule of information management rules and the second rule.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/1
-
CPC Class CodesG06F 11/3438 monitoring of user actions ...G06F 16/122 using management policies b...G06F 16/13 File access structures, e.g...G06F 16/176 Support for shared access t...G06F 16/93 Document management systemsG06F 21/6218 to a system of files or obj...G06F 2221/2101 Auditing as a secondary aspectG06F 9/468 Specific access rights for ...H04L 63/10 for controlling access to d...H04L 63/101 Access control lists [ACL]H04L 63/104 Grouping of entitiesH04L 63/105 Multiple levels of securityH04L 63/20 for managing network securi...H04L 63/205 involving negotiation or de...
