Processing

Please wait...

Settings

Settings

Goto Application

1. WO2022007574 - BLOCK-BASED ANOMALY DETECTION

Publication Number WO/2022/007574
Publication Date 13.01.2022
International Application No. PCT/CN2021/099067
International Filing Date 09.06.2021
IPC
G06F 11/00 2006.1
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
11Error detection; Error correction; Monitoring
CPC
G06F 21/561
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
561Virus type analysis
G06F 21/564
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
562Static detection
564by virus signature recognition
G06F 21/565
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
562Static detection
565by checking file integrity
G06F 21/566
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
G06F 2221/034
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
2221Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
034Test or assess a computer or a system
G06N 20/00
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
20Machine learning
Applicants
  • KYNDRYL, INC. [US]/[US]
Inventors
  • LAKKUNDI, Abdul Kareem
  • ARADHYA, Siddalinga
  • KULKARNI, Santosh
Agents
  • CCPIT PATENT AND TRADEMARK LAW OFFICE
Priority Data
16/925,46110.07.2020US
Publication Language English (en)
Filing Language English (EN)
Designated States
Title
(EN) BLOCK-BASED ANOMALY DETECTION
(FR) DÉTECTION D'ANOMALIE BASÉE SUR DES BLOCS
Abstract
(EN) A plurality of blocks of a first storage device are monitored. The first storage device is related to a computer system. A subset of blocks of the plurality a compared to a first storage signature of the first storage device. Based on the comparing of the subset of blocks to the first storage signature, a security anomaly is determined on the computer system. In response to the security anomaly, a security action is performed. The security action is related to the computer system.
(FR) Une pluralité de blocs d'un premier dispositif de stockage sont surveillés. Le premier dispositif de stockage est associé à un système informatique. Un sous-ensemble de blocs de la pluralité est comparé à une première signature de stockage du premier dispositif de stockage. Sur la base de la comparaison du sous-ensemble de blocs à la première signature de stockage, une anomalie de sécurité est déterminée sur le système informatique. En réponse à l'anomalie de sécurité, une action de sécurité est effectuée. L'action de sécurité est liée au système informatique.
Related patent documents
Latest bibliographic data on file with the International Bureau