Invention Grant
- Patent Title: Using a characteristic of a process input/output (I/O) activity and data subject to the I/O activity to determine whether the process is a suspicious process
- Application No.: US16261490
- Application Date: 2019-01-29
- Publication No.: US11188641B2
- Publication Date: 2021-11-30
- Inventor: Matthew G. Borlick, Lokesh M. Gupta
- Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Applicant Address: US NY Armonk
- Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Current Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Current Assignee Address: US NY Armonk
- Agency: Konrad, Raynes, Davda and Victor LLP
- Agent: David W. Victor
- Main IPC: H04L29/06
- IPC: H04L29/06; G06F21/55; G06F21/56; G06F21/78; G06F3/06

Abstract:
Provided are a computer program product, system, and method for detecting a security breach in a system managing access to a storage. Process Input/Output (I/O) activity by a process accessing data in a storage is monitored. A determination is made of a characteristic of the data subject to the I/O activity from the process. A determination is made as to whether a characteristic of the process I/O activity as compared to the characteristic of the data satisfies a condition. The process initiating the I/O activity is characterized as a suspicious process in response to determining that the condition is satisfied. A security breach is indicated in response to characterizing the process as the suspicious process.