DATA LEAK PREVENTION ENFORCEMENT BASED ON LEARNED DOCUMENT CLASSIFICATION
First Claim
Patent Images
1. An automated method for data leak prevention, the method comprising:
- obtaining, automatically by a processor, a plurality of training documents, each of the training documents including at least respective content and respective metadata;
generating a classification model, automatically by the processor, wherein the classification model is generated, based at least in part upon the content and metadata of each of the training documents;
obtaining, automatically by the processor, at least one non-training document, wherein the non-training document includes at least respective content;
applying to the non-training document, automatically by the processor, the classification model in order to classify the non-training document into one of at least two categories;
monitoring, automatically by the processor, for attempted access to the non-training document; and
taking action, automatically by the processor, when the monitoring determines the existence of the attempted access to the non-training document;
wherein the action that is taken is based upon the category into which the non-training document to which access is attempted has been classified; and
wherein the action that is taken comprises one of;
(a) denying access to the non-training document to which access is attempted;
(b) logging the attempted access to the non-training document to which access is attempted; and
(c) a combination thereof.
2 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure relates generally to the field of automatically learning and automatically adapting to perform classification of protected data. In various examples, learning and adapting to perform classification of protected data may be implemented in the form of systems, methods and/or algorithms.
-
Citations
20 Claims
-
1. An automated method for data leak prevention, the method comprising:
-
obtaining, automatically by a processor, a plurality of training documents, each of the training documents including at least respective content and respective metadata; generating a classification model, automatically by the processor, wherein the classification model is generated, based at least in part upon the content and metadata of each of the training documents; obtaining, automatically by the processor, at least one non-training document, wherein the non-training document includes at least respective content; applying to the non-training document, automatically by the processor, the classification model in order to classify the non-training document into one of at least two categories; monitoring, automatically by the processor, for attempted access to the non-training document; and taking action, automatically by the processor, when the monitoring determines the existence of the attempted access to the non-training document; wherein the action that is taken is based upon the category into which the non-training document to which access is attempted has been classified; and wherein the action that is taken comprises one of;
(a) denying access to the non-training document to which access is attempted;
(b) logging the attempted access to the non-training document to which access is attempted; and
(c) a combination thereof. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer readable storage medium, tangibly embodying a program of instructions executable by the computer for automated data leak prevention, the program of instructions, when executing, performing the following steps:
-
obtaining automatically a plurality of training documents, each of the training documents including at least respective content and respective metadata; generating automatically a classification model, wherein the classification model is generated, based at least in part upon the content and metadata of each of the training documents; obtaining automatically at least one non-training document, wherein the non-training document includes at least respective content; applying automatically to the non-training document the classification model in order to classify the non-training document into one of at least two categories; monitoring automatically for attempted access to the non-training document; and taking action automatically when the monitoring determines the existence of the attempted access to the non-training document; wherein the action that is taken is based upon the category into which the non-training document to which access is attempted has been classified; and wherein the action that is taken comprises one of;
(a) denying access to the non-training document to which access is attempted;
(b) logging the attempted access to the non-training document to which access is attempted; and
(c) a combination thereof. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer-implemented system for automatic data leak prevention, the system comprising:
-
a first obtaining element configured to obtain automatically a plurality of training documents, each of the training documents including at least respective content and respective metadata; a first generating element configured to generate automatically a classification model, wherein the classification model is generated, based at least in part upon the content and metadata of each of the training documents; a second obtaining element configured to obtain automatically at least one non-training document, wherein the non-training document includes at least respective content; an applying element configured to apply automatically to the non-training document the classification model in order to classify the non-training document into one of at least two categories; a monitoring element configured to monitor automatically for attempted access to the non-training document; and a taking action element configured to take action automatically when the monitoring determines the existence of the attempted access to the non-training document; wherein the action that is taken is based upon the category into which the non-training document to which access is attempted has been classified; and wherein the action that is taken comprises one of;
(a) denying access to the non-training document to which access is attempted;
(b) logging the attempted access to the non-training document to which access is attempted; and
(c) a combination thereof. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification