Visual based malicious activity detection
First Claim
1. A method for preventing transmission of sensitive information outside of a network, comprising:
determining an identification of an end user of a computing device;
acquiring a malicious activity filter associated with the identification of the end user, the malicious activity filter comprises a rule corresponding with the performance of a particular facial expression;
capturing images of the end user while the end user is operating the computing device;
determining that the end user is editing an electronic file that includes the sensitive information;
detecting that a suspicious event has occurred based on the malicious activity filter and the captured images, the detecting that a suspicious event has occurred comprises detecting that the end user has performed the particular facial expression while editing the electronic file that includes the sensitive information;
determining that the end user intends to transmit the electronic file outside of the network; and
performing a mitigating action in response to detecting that the suspicious event has occurred and determining that the end user intends to transmit the electronic file outside of the network, the performing a mitigating action comprises issuing an alert to the end user of the computing device and requiring confirmation from the end user that they intend to transmit the electronic file outside of the network, the malicious activity filter comprises a rule corresponding with a particular phrase being spoken.
Abstract
Methods for preventing the transmission of sensitive information to locations outside of a secure network by a person who has legitimate access to the sensitive information are described. In some embodiments, in order for an end user of a computing device to establish a secure connection with a secure network and access data stored on the secure network, a client application running on the computing device may be required by the secure network. The client application may monitor visual cues (e.g., facial expressions and gestures) associated with the end user, detect suspicious activity performed by the end user based on the visual cues, and in response to detecting suspicious activity may perform mitigating actions to prevent the transmission of sensitive information such as alerting human resources personnel or requiring authorization prior to sending information to locations outside of the secure network.
16 Claims
13. A system, comprising:
a camera, the camera captures images of an end user of the system;
a storage device, the storage device stores an identification of the end user of the system; and
a processor in communication with the camera and the storage device, the processor acquires a malicious activity filter associated with the identification of the end user, the malicious activity filter comprises a rule corresponding with the performance of a particular facial expression, the processor determines that the end user is editing a document that includes sensitive information, the processor detects that the end user has performed the particular facial expression while editing the document that includes the sensitive information using the captured images, the processor determines that the end user intends to transmit the document outside of the system, the processor performs a mitigating action in response to detecting that the end user has performed the particular facial expression while editing the document and determining that the end user intends to transmit the document outside of the system, the performing a mitigating action comprises issuing an alert to the end user of the computing device and requiring confirmation from the end user that they intend to transmit the document outside of the system, the malicious activity filter comprises a rule corresponding with a particular phrase being spoken.
15. A computer program product, comprising:
a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
computer readable program code configured to determine an identification of an end user of a computing device connected to a network;
computer readable program code configured to acquire a malicious activity filter associated with the identification of the end user, the malicious activity filter comprises a rule corresponding with the performance of a particular facial expression;
computer readable program code configured to capture images of the end user while the end user is operating the computing device;
computer readable program code configured to determine that the end user is editing a document that includes sensitive information;
computer readable program code configured to detect that a suspicious event has occurred based on the malicious activity filter and the captured images, the detecting that a suspicious event has occurred comprises detecting that the end user has performed the particular facial expression while editing the document that includes the sensitive information, the detecting that the suspicious event has occurred is performed in response to determining that the end user is editing the document that includes the sensitive information;
computer readable program code configured to determine that the end user intends to transmit the document outside of the network; and
computer readable program code configured to perform a mitigating action in response to detecting that the suspicious event has occurred and determining that the end user intends to transmit the document outside of the network, the mitigating action comprises issuing an alert to the end user of the computing device and requiring confirmation from the end user that they intend to transmit the electronic file outside of the network, the malicious activity filter comprises a rule corresponding with a particular phrase being spoken.
Specification