43 results about "Insider attack" patented technology

The present invention provides a policy specification framework to enable an enterprise to specify a given insider attack using a holistic view of a given data access, as well as the means to specify and implement one or more intrusion mitigation methods in response to the detection of such an attack. The policy specification provides for the use of “anomaly” and “signature” attributes that capture sophisticated behavioral characteristics of illegitimate data access. When the attack occurs, a previously-defined administrator (or system-defined) mitigation response (e.g., verification, disconnect, de-provision, network re-routing, or the like) is then implemented.

The present invention provides a policy specification framework to enable an enterprise to specify a given insider attack using a holistic view of a given data access, as well as the means to specify and implement one or more intrusion mitigation methods in response to the detection of such an attack. The policy specification provides for the use of “anomaly” and “signature” attributes that capture sophisticated behavioral characteristics of illegitimate data access. When the attack occurs, a previously-defined administrator (or system-defined) mitigation response (e.g., verification, disconnect, deprovision, or the like) is then implemented.

The present invention provides a policy specification framework to enable an enterprise to specify a given insider attack using a holistic view of a given data access, as well as the means to specify and implement one or more intrusion mitigation methods in response to the detection of such an attack. The policy specification provides for the use of “anomaly” and “signature” attributes that capture sophisticated behavioral characteristics of illegitimate data access. When the attack occurs, a previously-defined administrator (or system-defined) mitigation response (e.g., verification, disconnect, de-provision, or the like) is then implemented.

One embodiment of the present invention provides a system for detecting insider attacks in an organization. During operation, the system collects data describing user activities. The system extracts information from the data that includes user information and user communications. The system then generates a topic-specific graph based on the extracted information. The system analyzes a structure of the graph to determine if one or more rules have been violated. The system may determine that a rule associated with the graph has been violated and signal an alarm in response to detecting the rule violation.

Mechanism for identifying malicious content, DoS attacks, and illegal IPTV services. By monitoring the characteristics of various control messages being transmitted within a network that services Internet protocol television (IPTV) content to identify suspicious behavior (e.g., such as that associated with malicious content, denial of service (DoS) attacks, IPTV service stealing, etc.). In addition to monitoring control messages within such a network, deep packet inspection (DPI) may be performed for individual packets within an IPTV stream to identify malicious content therein (e.g., worms, viruses, etc. actually within the IPTV stream itself). By monitoring control messages and / or actual IPTV content within a network (e.g., vs. at the perimeter of a network only), protection against both outside and inside attacks can be effectuated. This network level basis of operation effectively guards against promulgation of malicious content to other devices within the network.

A multi-user encrypted secure data storage schema is described that is particularly suited for cloud based storage scenarios. This schema protects against an insider attacks be limiting administrator access to encrypted user data. The schema involves encrypting both the data set and user catalogs, where the catalogs contain data locations and data keys in metadata objects. The metadata objects may be share between users to provide others access to the data.

A system that facilitates protecting an internal network from internal attacks comprises an entity that requests access to the internal network, wherein the internal network includes a plurality of items. A multi-layered security component determines that the entity is authorized to access the internal network, and restricts access of the entity to a subset of the items. In accordance with one aspect of the present invention, a switch can be employed to restrict access of the entity to a subset of the items.

The invention relates to a safety authentication method of a cloud storage system, belonging to the field of storage technology and information security technology of computers. The method solves the problems that the existing safety authentication methods are complex in authentication process and great in authentication consumption, and aims at providing simple, flexible and efficient authentication with high expandability and high safety for service safety of a cloud storage system, so as to prevent invasion of external or internal attackers to the storage system. The method comprises a client process, an authentication end progress and a storage end progress; the client loads the user identifiers of all login users, and the authentication end loads an access control library. The method checks whether the operation authorization of the user is legal by calculating the verifying identifier, the storage end does not need to maintain the access control library any longer, and verification on the access request of the user can be completed with simple calculation, thereby greatly reducing expense of the storage system on access control, and providing flexible, safe, reliable and efficient file access for users having operation authorization in the large-scale cloud storage system.

The invention belongs to the technical field of cognitive radio networks, and discloses a two-way intrusion detection system and method based on cloud computing, and a cognitive radio network, including: initialization, data acquisition, data transmission, data processing, malicious behavior determination, and internal attack determination , attack alerts, malicious user handling. The present invention combines ultra-large-scale cloud computing, dynamic expansion of resources, and massive information processing, and utilizes cloud computing to save the time for agents to traverse the intrusion detection method in a distributed network; according to different attack targets, intelligent agents and cloud servers detect attacks on channels , the secondary node detects attacks against the terminal, simplifies the functions of secondary users and intelligent agents, and saves a lot of communication costs for reporting data to cloud servers; intelligent agents and cloud servers detect the behavior of internal secondary users, which solves the problem of cognitive radio network The problem of possible insider attacks in the

The invention discloses a cryptographic reverse firewall method suitable for digital signatures, and belongs to the technical field of information security. This book first sets up a transparent and credible password reverse firewall on the signer and sets relevant system parameters; when the password reverse firewall receives the parameters, it resets some of the parameters and then forwards them to the signer; the signer based on the parameters received Sign the message to obtain the signature result and pass it to the password reverse firewall of the signer, and the password reverse firewall resets part of the sub-signatures in the signature result and then passes it to the verifier; the verifier verifies the received signature, Verify the legal signature of the message, if the verification is passed, output "accept", otherwise output "reject". The setting of the password reverse firewall of the present invention meets the three basic requirements of the password reverse firewall, achieves transparency and credibility, prevents leakage, improves user security, and especially protects internal attackers from attacking behavior.

The invention belongs to the technical field of data processing, and discloses a quantum secret information sharing method and system suitable for company property management, all entangled particles are prepared by a manager; when wiretapping detection is performed, the manager merges the first user and the second user 、Comparing the measurement results released by the third user with their own local operation code information, if they are inconsistent, stop the protocol operation; at the same time, a quantum secret information sharing system for company property management is disclosed. The invention can prevent external eavesdropping and internal attack, and ensure the safe sharing of secret information. If it wants to expand to more participants, only the sender needs to prepare a corresponding number of entangled particles.