Transaction-based intrusion detection
Abstract
Systems and methods are provided for intrusion detection. The systems and methods may include receiving transaction information related to one or more current transactions between a client entity and a resource server, accessing a database storing a plurality of transaction groups, analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups, and based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server. The transaction groups may be formed based on a plurality of past transactions between a plurality of client entities and the resource server. Identity information of a user associated with the one or more current transactions may also be received along with the transaction information. The user may be associated with at least one of the plurality of transaction groups.
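The flow in the abstract can be sketched in code. This is an added example, not code from the patent or its applicant: the grouping rule (one transaction group per first path segment of the resource), the three verdict labels, the re-association window of three transactions, and all names and sample data are assumptions chosen for illustration. Of the claimed responses, only recording in a list of intrusion acts is modelled.

```python
from collections import defaultdict, deque

# Constructed past transactions (user, action, resource); not from the patent.
PAST = [
    ("alice", "GET", "/hr/payroll"), ("alice", "POST", "/hr/leave"),
    ("bob", "GET", "/hr/payroll"),
    ("carol", "GET", "/eng/builds"), ("carol", "POST", "/eng/deploy"),
]

def group_key(resource):
    # Assumption: one transaction group per first path segment of the resource.
    return resource.strip("/").split("/")[0]

class GroupDetector:
    def __init__(self, past, window=3):
        self.signatures = defaultdict(set)   # group -> {(action, resource)}
        self.members = defaultdict(set)      # group -> {user}
        self.recent = defaultdict(lambda: deque(maxlen=window))  # user -> groups hit
        self.intrusions = []                 # the "list of intrusion acts"
        for user, action, resource in past:
            g = group_key(resource)
            self.signatures[g].add((action, resource))
            self.members[g].add(user)

    def groups_of(self, user):
        return {g for g, users in self.members.items() if user in users}

    def analyze(self, user, action, resource):
        """Score the current transaction against the user's transaction groups."""
        mine = self.groups_of(user)
        matched = {g for g, s in self.signatures.items() if (action, resource) in s}
        if matched & mine:
            verdict = "normal"
        elif matched:
            verdict = "suspicious"   # known behaviour, but of a group the user is not in
        else:
            verdict = "intrusion"    # matches no transaction group at all
            self.intrusions.append((user, action, resource))
        self._update(user, matched)
        return verdict

    def _update(self, user, matched):
        # Dynamic update: a full window spent in one foreign group moves the user there.
        self.recent[user].extend(sorted(matched) or ["<none>"])
        seen, full = set(self.recent[user]), len(self.recent[user]) == self.recent[user].maxlen
        if full and len(seen) == 1 and seen != {"<none>"} and not seen & self.groups_of(user):
            for g in self.groups_of(user):
                self.members[g].discard(user)
            self.members[seen.pop()].add(user)
```

Automatic re-association means a patient actor can shift their own baseline, so a deployment would normally gate that step on an administrator decision or a much longer window.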
18 Claims
1. An intrusion detection system comprising a processor, and a memory with instructions which when executed by the processor cause the processor to perform a plurality of operations, the plurality of operations comprising:
- receiving transaction information related to a current transaction between a client entity and a resource server;
- accessing a database storing a plurality of transaction groups, wherein the transaction groups are formed based on a plurality of past transactions between a plurality of client entities and the resource server;
- analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups associated with a user, the user associated with the current transaction;
- based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server; and
- dynamically updating the plurality of transaction groups based at least on the received transaction information, wherein said dynamically updating comprises disassociating the user from the at least one of the plurality of transaction groups, associating the user with a transaction group other than the at least one of the plurality of transaction groups, or both;
- obtaining identity information of the user; and
- based on a determination that the intrusion act has occurred at the resource server, one or more selected from;
  - modifying access privileges of the user for accessing one or more of the plurality of client entities, the resource server, or a combination thereof,
  - notifying an administrative entity about the intrusion act, or
  - recording the received transaction information, the identity information, or both, in a list of intrusion acts.

Dependent claims: 2, 3, 4, 5, 6

7. A computer-implemented method of intrusion detection, the method executed by a processor configured to perform a plurality of operations, the plurality of operations comprising:
- receiving transaction information related to a current transaction between a client entity and a resource server;
- accessing a database storing a plurality of transaction groups, wherein the transaction groups are formed based on a plurality of past transactions between a plurality of client entities and the resource server;
- analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups associated with a user, the user associated with the current transaction;
- based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server; and
- dynamically updating the plurality of transaction groups based at least on the received transaction information, wherein said dynamically updating comprises disassociating the user from the at least one of the plurality of transaction groups, associating the user with a transaction group other than the at least one of the plurality of transaction groups, or both;
- obtaining identity information of the user; and
- based on a determination that the intrusion act has occurred at the resource server, one or more selected from;
  - modifying access privileges of the user for accessing one or more of the plurality of client entities, the resource server, or a combination thereof,
  - notifying an administrative entity about the intrusion act, or
  - recording the received transaction information, the identity information, or both, in a list of intrusion acts.

Dependent claims: 8, 9, 10, 11, 12

13. A non-transitory computer-readable medium comprising computer-readable instructions, the computer-readable instructions when executed by a processor, causes the processor to carry out a plurality of operations, the plurality of operations comprising:
- receiving transaction information related to a current transaction between a client entity and a resource server;
- accessing a database storing a plurality of transaction groups, wherein the transaction groups are formed based on a plurality of past transactions between a plurality of client entities and the resource server;
- analyzing the received transaction information with respect to information related to at least one of the plurality of transaction groups associated with a user, the user associated with the current transaction;
- based on said analyzing, determining a possibility of an occurrence of an intrusion act at the resource server; and
- dynamically updating the plurality of transaction groups based at least on the received transaction information, wherein said dynamically updating comprises disassociating the user from the at least one of the plurality of transaction groups, associating the user with a transaction group other than the at least one of the plurality of transaction groups, or both;
- obtaining identity information of the user; and
- based on a determination that the intrusion act has occurred at the resource server, one or more selected from;
  - modifying access privileges of the user for accessing one or more of the plurality of client entities, the resource server, or a combination thereof,
  - notifying an administrative entity about the intrusion act, or
  - recording the received transaction information, the identity information, or both, in a list of intrusion acts.

Dependent claims: 14, 15, 16, 17, 18

Specification