Processing

Please wait...

Settings

Settings

Goto Application

1. US20220012336 - BLOCK-BASED ANOMALY DETECTION

Office
United States of America
Application Number 16925461
Application Date 10.07.2020
Publication Number 20220012336
Publication Date 13.01.2022
Publication Kind A1
IPC
G06F 21/56
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
G06N 5/04
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
5Computer systems using knowledge-based models
04Inference methods or devices
G06N 20/00
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
20Machine learning
CPC
G06F 21/561
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
561Virus type analysis
G06F 21/566
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
G06F 21/565
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
562Static detection
565by checking file integrity
G06F 2221/034
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
2221Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
034Test or assess a computer or a system
G06N 5/04
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
5Computer systems using knowledge-based models
04Inference methods or devices
G06N 20/00
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
20Machine learning
Applicants International Business Machines Corporation
Inventors Abdul Kareem Lakkundi
Siddalinga Aradhya
Santosh Kulkarni
Title
(EN) BLOCK-BASED ANOMALY DETECTION
Abstract
(EN)

A plurality of blocks of a first storage device are monitored. The first storage device is related to a computer system. A subset of blocks of the plurality a compared to a first storage signature of the first storage device. Based on the comparing of the subset of blocks to the first storage signature, a security anomaly is determined on the computer system. In response to the security anomaly, a security action is performed. The security action is related to the computer system.


Related patent documents