×

Computer security apparatus

  • US 10,673,878 B2
  • Filed: 05/19/2016
  • Issued: 06/02/2020
  • Est. Priority Date: 05/19/2016
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method, comprising executing on a computer processor the steps of:

  • defining a first sequential action data set of a plurality of different actions that are performed sequentially in engaging a computer system to execute a first data operation on the computer system to comprise a first-set initial engagement action that initially engages an initial location of the computer system to execute the first data operation, a first-set middle engagement action that engages the computer system after the engagement by first-set initial engagement action to execute the first data operation, and a first-set final terminating action that engages the computer system after the engagement by the first-set middle engagement action and terminates execution of the first data operation by transferring data between the initial location and a first location of the computer system that is different from the initial location;

    categorizing the first sequential action data set as a normal category operation in response to determining that the first sequential action data set of the plurality of different actions engage the computer system to execute an allowable data operation on the computer system;

    categorizing the first sequential action data set as an abnormal category operation in response to determining that the first sequential action data set of the plurality of different actions engage the computer system to execute a forbidden data operation on the computer system;

    randomly selecting one of the actions of the first sequential action data set;

    randomly selecting a plurality of actions of a second sequential action data set that has the category of the first sequential action data set, wherein the second sequential action data set comprises a different plurality of actions that are performed sequentially in engaging the computer system to execute a second data operation on the computer system and comprises a second-set initial engagement action that initially engages the computer system initial location to execute the second data operation, a second-set middle engagement action that engages the computer system after the engagement by second-set initial engagement action to execute the second data operation, and a second-set final terminating action that engages the computer system after the engagement by the second-set middle engagement action and terminates execution of the second data operation by transferring data between the initial location and a second location of the computer system that is different from the initial location and from the first location;

    generating a random sequential action data set for the category of the first sequential action data set and the second sequential data set by combining the randomly selected plurality of actions into an order that is performed sequentially in engaging the computer system at the initial location to execute a random data set operation on the computer system that comprises transferring data between the initial location and one of the first location and the second location;

    in response to an input to a network of the computer system of a third sequential set of different actions that are performed sequentially in engaging the computer system at the initial location to execute a third data operation on the computer system comprising transferring data between the initial location and another location of the computer system that is different from the initial location, comparing the third sequential set of actions to the generated random sequential action data set plurality of actions;

    labeling the third sequential set with the normal category or the abnormal category of the random sequential action data set in response to determining that the third sequence of actions matches each of a sequence of the sequential actions of the random sequential action data set; and

    labeling the third sequential set with a different one of the normal category or the abnormal category of the random sequential action data set in response to determining that the third sequence of actions does not match a sequence of the sequential actions of the random sequential action data set; and

    wherein the initial, first, second and another locations are each selected from the group consisting of a serial bus port of the computer system, a location defined within a file system of the computer system, a location defined on a memory resource of the computer system, and a location defined by an internet protocol address.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×