Invention Grant
US08375452B2 Methods for user profiling for detecting insider threats based on internet search patterns and forensics of search keywords
有权
基于互联网搜索模式和搜索关键词取证的用户分析检测内部威胁的方法
- Patent Title: Methods for user profiling for detecting insider threats based on internet search patterns and forensics of search keywords
- Patent Title (中): 基于互联网搜索模式和搜索关键词取证的用户分析检测内部威胁的方法
-
Application No.: US12344229Application Date: 2008-12-25
-
Publication No.: US08375452B2Publication Date: 2013-02-12
- Inventor: Gil Raviv
- Applicant: Gil Raviv
- Applicant Address: IL Tel Aviv
- Assignee: Check Point Software Technologies Ltd
- Current Assignee: Check Point Software Technologies Ltd
- Current Assignee Address: IL Tel Aviv
- Agent Mark M Friedman
- Main IPC: G06F11/00
- IPC: G06F11/00
Abstract:
Disclosed are methods for user profiling for detecting insider threats including the steps of: upon a client application sending a request for a link, extracting at least one search keyword from a search session associated with the request; classifying the link into at least one classification; determining whether at least one classification is a monitored classification; capturing search elements of search sessions associated with the monitored classification; acquiring usage data from the search elements to create a user profile associated with a user's search behavior; and performing a statistical analysis, on a search frequency for the monitored classification, on user profiles associated with many users. Preferably, the method includes: designating a profile as suspicious based on the statistical analysis exceeding a pre-determined threshold value, wherein the pre-determined threshold value is based on an expected search frequency for the profile and each respective grade for at least one risk-assessment dimension.
Public/Granted literature
Information query
