×

Method and apparatus to detect unauthorized information disclosure via content anomaly detection

  • US 8,286,237 B2
  • Filed: 02/17/2004
  • Issued: 10/09/2012
  • Est. Priority Date: 02/25/2003
  • Status: Active Grant
First Claim
Patent Images

1. A method of performing an application layer semantic analysis to detect information access anomalies, comprising:

  • a) capturing data packets;

    b) filtering the captured data packets to detect information content;

    c) processing packets based on semantics of an application or protocol;

    d) generating a quantitative representation;

    e) deriving a content signature from the quantitative representation;

    f) deriving a prototypical model that includes a frequency view of a set of content signatures accessed by a given user, where the set of content signatures are indicative of content that is changing over time; and

    g) detecting an application layer information access anomaly by using a semantic analysis to detect a given deviation from the prototypical model.

View all claims
  • 11 Assignments
Timeline View
Assignment View
    ×
    ×