Invention Grant
- Patent Title: Using a characteristic of a process input/output (I/O) activity and data subject to the I/O activity to determine whether the process is a suspicious process
-
Application No.: US15482530Application Date: 2017-04-07
-
Publication No.: US10248577B2Publication Date: 2019-04-02
- Inventor: Matthew G. Borlick , Lokesh M. Gupta
- Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Konrad, Raynes, Davda, and Victor LLP
- Agent David W. Victor
- Main IPC: H04L29/06
- IPC: H04L29/06 ; G06F12/14 ; G06F21/56 ; G06F21/78 ; G06F3/06 ; G06F21/55
Abstract:
Provided are a computer program product, system, and method for detecting a security breach in a system managing access to a storage. Process Input/Output (I/O) activity by a process accessing data in a storage is monitored. A determination is made of a characteristic of the data subject to the I/O activity from the process. A determination is made as to whether a characteristic of the process I/O activity as compared to the characteristic of the data satisfies a condition. The process initiating the I/O activity is characterized as a suspicious process in response to determining that the condition is satisfied. A security breach is indicated in response to characterizing the process as the suspicious process.
Public/Granted literature
Information query
