Crowd based detection of device compromise in enterprise setting

  • US 9,888,021 B2
  • Filed: 09/29/2015
  • Issued: 02/06/2018
  • Est. Priority Date: 09/29/2015
  • Status: Active Grant
First Claim

1. A computer-implemented method for detecting anomalous behavior of mobile computing devices, the method comprising:

    establishing, by a plurality of mobile computing devices, a mobile ad hoc network (MANET) among the plurality of mobile computing devices, wherein each of the plurality of mobile computing devices communicates with all others of the plurality of computing devices over the MANET, and each of the plurality of mobile computing devices also communicates with a server over a network;

    receiving, by one or more of the plurality of mobile computing devices from each of the plurality of mobile computing devices, device status information and environmental status information over the MANET;

    detecting, by one of the one or more of the plurality of mobile computing devices, anomalous behavior of a mobile computing device of the plurality of mobile computing devices, based on the received information;

    in response to detecting the anomalous behavior;

    communicating, by the one of the one or more of the plurality of mobile computing devices to each of the plurality of mobile computing devices not having the anomalous device behavior, an alert relating to the detected anomalous device behavior;

    receiving, by the server from each of the plurality of mobile computing devices over the network, the device status information and environmental status information;

    generating, by the computing system, a predictive behavioral model of each of the plurality of mobile computing devices, based on the received device status information and environmental status information;

    comparing, by the server, device status information and environmental status information being received from each of the plurality of mobile computing devices to the generated predictive behavioral model of each of the plurality of mobile computing devices to determine if anomalous behavior has occurred; and

    in response to determining, by the server, that anomalous behavior has occurred;

    communicating, by the server to each of the plurality of mobile computing devices not having the anomalous device behavior, an alert relating to the detected anomalous device behavior.
