公开(公告)号：US09367707B2

公开(公告)日：2016-06-14

申请号：US13403108

申请日：2012-02-23

申请人： Ron Gula ,  Marcus Ranum

发明人： Ron Gula ,  Marcus Ranum

IPC分类号： G06F7/04 ,  G06F17/30 ,  H04N7/16 ,  G06F21/64 ,  G06F12/08

CPC分类号： H04L63/0236 ,  G06F12/0864 ,  G06F17/30097 ,  G06F17/30109 ,  G06F21/64 ,  H04L63/0876 ,  H04L63/1408

摘要： The system and method described herein may use file hashes to track data leakage and document propagation in a network. For example, file systems associated with known reference systems and various user devices may be compared to classify the user devices into various groups based on differences between the respective file systems, identify files unique to the various groups, and detect potential data leakage or document propagation if user devices classified in certain groups include any files that are unique to other groups. Additionally, various algorithms may track locations, movements, changes, and other events that relate to normal or typical activity in the network, which may be used to generate statistics that can be compared to subsequent activities that occur in the network to detect potentially anomalous activity that may represent potential data leakage or document propagation.

摘要翻译： 本文描述的系统和方法可以使用文件哈希来跟踪网络中的数据泄漏和文档传播。 例如，可以比较与已知参考系统和各种用户设备相关联的文件系统，以便基于各个文件系统之间的差异，识别各个组所特有的文件以及检测潜在数据泄漏或文档传播来将用户设备分类成各种组 如果分类为某些组的用户设备包含其他组别的唯一的文件。 此外，各种算法可以跟踪与网络中的正常或典型活动相关的位置，移动，改变和其他事件，其可以用于生成可以与网络中发生的后续活动进行比较以检测潜在的异常活动的统计信息 这可能代表潜在的数据泄漏或文档传播。

公开(公告)号：US20130227714A1

公开(公告)日：2013-08-29

申请号：US13403108

申请日：2012-02-23

申请人： Ron GULA ,  Marcus Ranum

发明人： Ron GULA ,  Marcus Ranum

IPC分类号： G06F21/24

CPC分类号： H04L63/0236 ,  G06F12/0864 ,  G06F17/30097 ,  G06F17/30109 ,  G06F21/64 ,  H04L63/0876 ,  H04L63/1408

摘要： The system and method described herein may use file hashes to track data leakage and document propagation in a network. For example, file systems associated with known reference systems and various user devices may be compared to classify the user devices into various groups based on differences between the respective file systems, identify files unique to the various groups, and detect potential data leakage or document propagation if user devices classified in certain groups include any files that are unique to other groups. Additionally, various algorithms may track locations, movements, changes, and other events that relate to normal or typical activity in the network, which may be used to generate statistics that can be compared to subsequent activities that occur in the network to detect potentially anomalous activity that may represent potential data leakage or document propagation.

摘要翻译： 本文描述的系统和方法可以使用文件哈希来跟踪网络中的数据泄漏和文档传播。 例如，可以比较与已知参考系统和各种用户设备相关联的文件系统，以便基于各个文件系统之间的差异，识别各个组所特有的文件以及检测潜在数据泄漏或文档传播来将用户设备分类成各种组 如果分类为某些组的用户设备包含其他组别的唯一的文件。 此外，各种算法可以跟踪与网络中的正常或典型活动相关的位置，移动，改变和其他事件，其可以用于生成可以与网络中发生的后续活动进行比较以检测潜在的异常活动的统计信息 这可能代表潜在的数据泄漏或文档传播。