Computer security apparatus
First Claim
1. A computer-implemented method, comprising executing on a computer processor the steps of:
defining a first sequential action data set of a plurality of different actions that are performed sequentially in engaging a computer system to execute a first data operation on the computer system to comprise a first-set initial engagement action that initially engages an initial location of the computer system to execute the first data operation, a first-set middle engagement action that engages the computer system after the engagement by first-set initial engagement action to execute the first data operation, and a first-set final terminating action that engages the computer system after the engagement by the first-set middle engagement action and terminates execution of the first data operation by transferring data between the initial location and a first location of the computer system that is different from the initial location;
categorizing the first sequential action data set as a normal category operation in response to determining that the first sequential action data set of the plurality of different actions engage the computer system to execute an allowable data operation on the computer system;
categorizing the first sequential action data set as an abnormal category operation in response to determining that the first sequential action data set of the plurality of different actions engage the computer system to execute a forbidden data operation on the computer system;
randomly selecting one of the actions of the first sequential action data set;
randomly selecting a plurality of actions of a second sequential action data set that has the category of the first sequential action data set, wherein the second sequential action data set comprises a different plurality of actions that are performed sequentially in engaging the computer system to execute a second data operation on the computer system and comprises a second-set initial engagement action that initially engages the computer system initial location to execute the second data operation, a second-set middle engagement action that engages the computer system after the engagement by second-set initial engagement action to execute the second data operation, and a second-set final terminating action that engages the computer system after the engagement by the second-set middle engagement action and terminates execution of the second data operation by transferring data between the initial location and a second location of the computer system that is different from the initial location and from the first location;
generating a random sequential action data set for the category of the first sequential action data set and the second sequential data set by combining the randomly selected plurality of actions into an order that is performed sequentially in engaging the computer system at the initial location to execute a random data set operation on the computer system that comprises transferring data between the initial location and one of the first location and the second location;
in response to an input to a network of the computer system of a third sequential set of different actions that are performed sequentially in engaging the computer system at the initial location to execute a third data operation on the computer system comprising transferring data between the initial location and another location of the computer system that is different from the initial location, comparing the third sequential set of actions to the generated random sequential action data set plurality of actions;
labeling the third sequential set with the normal category or the abnormal category of the random sequential action data set in response to determining that the third sequence of actions matches each of a sequence of the sequential actions of the random sequential action data set; and
labeling the third sequential set with a different one of the normal category or the abnormal category of the random sequential action data set in response to determining that the third sequence of actions does not match a sequence of the sequential actions of the random sequential action data set; and
wherein the initial, first, second and another locations are each selected from the group consisting of a serial bus port of the computer system, a location defined within a file system of the computer system, a location defined on a memory resource of the computer system, and a location defined by an internet protocol address.
Abstract
Aspects provide for an automated computer security apparatus. A first sequential action data set of different actions performed sequentially in engaging a computer system to execute a data operation on the computer system is categorized as a normal or abnormal operation. Actions of the first sequential action data set and of another (second) sequential action data set of different actions having the same normal or abnormal category of the first set are randomly selected and combined to generate a random sequential action data set for the common category of the first and second sequential action data sets, to define a sequential order of actions performed sequentially in engaging the computer system to execute a random set data operation on the computer system.
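The generate-then-compare flow summarised in the abstract, as an added Python sketch (not code from the patent or its assignee). The `Action` and `ActionSet` types, the per-stage selection rule, the name-based matching and all sample values are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

STAGES = ("initial", "middle", "final")

@dataclass(frozen=True)
class Action:
    stage: str     # one of STAGES
    name: str      # what the action does
    location: str  # serial bus port, file-system path, memory region or IP address

@dataclass(frozen=True)
class ActionSet:
    category: str  # "normal" or "abnormal"
    actions: tuple # Actions in execution order

def generate_random_set(first, second, rng):
    """One random action from `first`, the remaining stages from `second`, in stage order."""
    if first.category != second.category:
        raise ValueError("source sets must share a category")
    from_first = rng.choice(STAGES)  # assumption: one stage slot is filled from `first`
    combined = []
    for stage in STAGES:
        source = first if stage == from_first else second
        candidates = [a for a in source.actions if a.stage == stage]
        if not candidates:
            raise ValueError(f"source set has no {stage} action")
        combined.append(rng.choice(candidates))
    return ActionSet(first.category, tuple(combined))

def signature(actions):
    # Assumption: a "match" compares stage and action name, not the destination.
    return tuple((a.stage, a.name) for a in actions)

def label(third, random_set):
    """Same category on a match; the opposite category on any mismatch (claim wording)."""
    other = "abnormal" if random_set.category == "normal" else "normal"
    return random_set.category if signature(third) == signature(random_set.actions) else other

# Constructed sample data: the initial location is a file-system path, the others are IPs.
INITIAL = "/srv/reports"
NORMAL_A = ActionSet("normal", (
    Action("initial", "login-password", INITIAL),
    Action("middle", "read-file", INITIAL),
    Action("final", "transfer", "10.0.0.5"),
))
NORMAL_B = ActionSet("normal", (
    Action("initial", "login-token", INITIAL),
    Action("middle", "list-dir", INITIAL),
    Action("middle", "read-index", INITIAL),
    Action("final", "transfer", "10.0.0.6"),
))
OBSERVED = (  # third sequence arriving over the network, sending data to another location
    Action("initial", "login-password", INITIAL),
    Action("middle", "archive-dir", INITIAL),
    Action("final", "transfer", "203.0.113.9"),
)

if __name__ == "__main__":
    template = generate_random_set(NORMAL_A, NORMAL_B, random.Random())
    print([a.name for a in template.actions], "->", label(OBSERVED, template))
```

Because a mismatch always yields the opposite category, a sequence that fails to match an abnormal-category set is labelled normal under this reading of the claims.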
17 Claims
8. A system, comprising:
a processor;
a computer readable memory in circuit communication with the processor; and
a computer readable storage medium in circuit communication with the processor;
wherein the processor executes program instructions stored on the computer-readable storage medium via the computer readable memory and thereby;
defines a first sequential action data set of a plurality of different actions that are performed sequentially in engaging the computer system to execute a first data operation on the computer system to comprise a first-set initial engagement action that initially engages an initial location of the computer system to execute the first data operation, a first-set middle engagement action that engages the computer system after the engagement by first-set initial engagement action to execute the first data operation, and a first-set final terminating action that engages the computer system after the engagement by the first-set middle engagement action and terminates execution of the first data operation by transferring data between the initial location and a first location of the computer system that is different from the initial location;
categorizes the first sequential action data set as a normal category operation in response to determining that the first sequential action data set of the plurality of different actions engage the computer system to execute an allowable data operation on the computer system;
categorizes the first sequential action data set as an abnormal category operation in response to determining that the first sequential action data set of the plurality of different actions engages the computer system to execute a forbidden data operation on the computer system;
randomly selects one of the actions of the first sequential action data set;
randomly selects a plurality of actions of a second sequential action data set that has the category of the first sequential action data set, wherein the second sequential action data set comprises a different plurality of actions that are performed sequentially in engaging the computer system to execute a second data operation on the computer system and comprises a second-set initial engagement action that initially engages the computer system initial location to execute the second data operation, a second-set middle engagement action that engages the computer system after the engagement by second-set initial engagement action to execute the second data operation, and a second-set final terminating action that engages the computer system after the engagement by the second-set middle engagement action and terminates execution of the second data operation by transferring data between the initial location and a second location of the computer system that is different from the initial location and from the first location;
generates a random sequential action data set for the category of the first sequential action data set and the second sequential data set by combining the randomly selected plurality of actions into an order that is performed sequentially in engaging the computer system at the initial location to execute a random data set operation on the computer system that comprises transferring data between the initial location and one of the first location and the second location;
in response to an input to a network of the computer system of a third sequential set of different actions that are performed sequentially in engaging the computer system at the initial location to execute a third data operation on the computer system comprising transferring data between the initial location and another location of the computer system that is different from the initial location, comparing the third sequential set of actions to the generated random sequential action data set plurality of actions;
labeling the third sequential set with the normal category or the abnormal category of the random sequential action data set in response to determining that the third sequence of actions matches each of a sequence of the sequential actions of the random sequential action data set; and
labeling the third sequential set with a different one of the normal category or the abnormal category of the random sequential action data set in response to determining that the third sequence of actions does not match a sequence of the sequential actions of the random sequential action data set; and
wherein the initial, first, second and another locations are each selected from the group consisting of a serial bus port of the computer system, a location defined within a file system of the computer system, a location defined on a memory resource of the computer system, and a location defined by an internet protocol address.
13. A computer program product, comprising:
a computer readable storage medium having computer readable program code embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the computer readable program code comprising instructions for execution by a processor that cause the processor to;
define a first sequential action data set of a plurality of different actions that are performed sequentially in engaging the computer system to execute a first data operation on the computer system to comprise a first-set initial engagement action that initially engages an initial location of the computer system to execute the first data operation, a first-set middle engagement action that engages the computer system after the engagement by first-set initial engagement action to execute the first data operation, and a first-set final terminating action that engages the computer system after the engagement by the first-set middle engagement action and terminates execution of the first data operation by transferring data between the initial location and a first location of the computer system that is different from the initial location;
categorize the first sequential action data set as a normal category operation in response to determining that the first sequential action data set of the plurality of different actions engage the computer system to execute an allowable data operation on the computer system;
categorize the first sequential action data set as an abnormal category operation in response to determining that the first sequential action data set of the plurality of different actions engage the computer system to execute a forbidden data operation on the computer system;
randomly select one of the actions of the first sequential action data set;
randomly selects a plurality of actions of a second sequential action data set that has the category of the first sequential action data set, wherein the second sequential action data set comprises a different plurality of actions that are performed sequentially in engaging the computer system to execute a second data operation on the computer system and comprises a second-set initial engagement action that initially engages the computer system initial location to execute the second data operation, a second-set middle engagement action that engages the computer system after the engagement by second-set initial engagement action to execute the second data operation, and a second-set final terminating action that engages the computer system after the engagement by the second-set middle engagement action and terminates execution of the second data operation by transferring data between the initial location and a second location of the computer system that is different from the initial location and from the first location;
generate a random sequential action data set for the category of the first sequential action data set and the second sequential data set by combining the randomly selected plurality of actions into an order that is performed sequentially in engaging the computer system at the initial location to execute a random set data operation on the computer system that comprises transferring data between the initial location and one of the first location and the second location;
in response to an input to a network of the computer system of a third sequential set of different actions that are performed sequentially in engaging the computer system at the initial location to execute a third data operation on the computer system comprising transferring data between the initial location and another location of the computer system that is different from the initial location, compare the third sequential set of actions to the generated random sequential action data set plurality of actions;
label the third sequential set with the normal category or the abnormal category of the random sequential action data set in response to determining that the third sequence of actions matches a sequence of the sequential actions of the random sequential action data set; and
label the third sequential set with a different one of the normal category or the abnormal category of the random sequential action data set in response to determining that the third sequence of actions does not match a sequence of the sequential actions of the random sequential action data set; and
wherein the initial, first, second and another locations are each selected from the group consisting of a serial bus port of the computer system, a location defined within a file system of the computer system, a location defined on a memory resource of the computer system, and a location defined by an internet protocol address.
Specification