The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jul. 01, 2014
Filed:
Dec. 01, 2009
Salvatore J. Stolfo, Ridgewood, NJ (US);
Malek Ben Salem, New York, NY (US);
Shlomo Hershkop, Brooklyn, NY (US);
Salvatore J. Stolfo, Ridgewood, NJ (US);
Malek Ben Salem, New York, NY (US);
Shlomo Hershkop, Brooklyn, NY (US);
The Trustees of Columbia University in the City of New York, New York, NY (US);
Abstract
Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring a first plurality of user actions and access of decoy information in a computing environment; generating a user intent model for a category that includes at least one of the first plurality of user actions; monitoring a second plurality of user actions; comparing the second plurality of user actions with the user intent model by determining deviation from the generated user intent model; identifying whether the second plurality of user actions is a masquerade attack based at least in part on the comparison; and generating an alert in response to identifying that the second plurality of user actions is the masquerade attack and in response to determining that the second plurality of user actions includes accessing the decoy information in the computing environment.