US2015237064A1PendingUtilityA1
Method and apparatus for predicting the impact of security incidents in computer systems
Est. expiryJun 12, 2032(~5.9 yrs left)· nominal 20-yr term from priority
Inventors:Thomas Lee
H04L 63/1433H04L 67/10G06F 21/40G06F 2221/2101G06F 21/565
52
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Systems or methods gather information within a network of computers regarding the distribution of documents to calculate the impact of a cyber security incident for a given computer. Specific embodiments analyze word usage within data files and to determine that data files are different versions of a document and use presence of documents on a given computer to determine the impact of a security breach at that computer.
Claims
exact text as granted — not AI-modified1 . A computer implemented method for predicting and outputting an impact of a security breach at a particular computer in an enterprise comprising:
a. electronically accessing data files available at a plurality of computers in the enterprise, b. reading the contents of the data files and identifying data files having a threshold similarity as different versions of a document, thereby determining a plurality of documents, wherein each said document is a collection of similar data files; d. accessing data indicating group assignments of computers in said plurality of computers, the group assignments indicating criteria of the computers, d. calculating a document security value of each said documents based upon the document's distribution with respect to said computers and groups; e. predicting the impact of a security breach to said particular computer by combining document security values of documents present on said particular computer; f. outputting the predicted impact.
2 . The method of claim 5 wherein the distance function comprises:
D n,m =√{square root over (Σ( w n /N n −w m /N m ) 2 )}
where D n,m is a distance between data files n and m and where w n and w m are the number of times a word w appears in said data file n and m, and where N n and N m are values for said data file n and m, calculated with the equation:
N
f
=
∑
f
w
f
,
which is the sum of all words in said data file f.
3 . (canceled)
4 . The method of claim 1 further comprising determining an impact (I c ) for a computer (c) by:
I
c
=
∑
c
V
d
where (V d ) is a security value for a document (d).
5 . The method of claim 1 further comprising:
calculating similarity between said data files based upon distance between said data files within a space defined by word dimensions, where the value of a data file in a word dimension is the number of times the word or a variation is found in said data file.
6 . The method of claim 1 further comprising:
automatically and continuously discovering new data files and new documents within the enterprise.
7 . A computer implemented method for predicting and outputting an impact of a security breach at a particular computer in a computer enterprise comprising:
accessing data files on a plurality of computers in the enterprise, identifying data files having a threshold similarity as different versions of a document by reading and comparing data file contents and storing document identifiers for documents; accessing group assignments of said computers, the group assignments assigning a computer to one or more of a plurality of groups, a particular group indicating rank, department, business function, user, or other criteria related to the computers, calculating a document security value of a document based upon the document's distribution within the enterprise, determining the impact of a security breach to said particular computer by combining document security values of documents present on said particular computer, and outputting the impact.
8 . The method of claim 7 , further comprising determining an impact (I c ) for a computer (c) by:
I
c
=
∑
c
V
d
,
where (V d ) is a security value for a document (d).
9 . The method of claim 7 , further wherein:
accessing data files comprises reading data files from storage operatively connected to said computers.
10 . The method of claim 7 , further comprising:
calculating similarity between said data files based upon distance between said data files within a space defined by word dimensions, where the value of a data file in a word dimension is the number of times the word is found in said data file.
11 . A system for predicting and outputting an impact of a security breach at a particular computer in a computer network comprising:
a computer application for accessing data files at a plurality of computers in the network and identifying data files having a threshold similarity as different versions of a document by comparing data file contents; a documents computer application for storing and receiving identifications of a plurality of documents and a plurality of data files representing different versions of the documents; a groups computer application for storing and receiving identifications of a plurality of computer groups and a plurality of computer devices identifications of computer devices assigned to each group; wherein groups indicate department, business function, user, user rank, user security level, etc., or other criteria related to the computers, a document security value determination computer application for calculating a document security value of a document based upon the document's distribution; and an impact prediction computer application for determining impact of a security breach to a particular computer by combining document security values of documents available at the particular computer.
12 . The system of claim 11 further comprising:
a plurality of agents running on a plurality of said computers devices to read data files.
13 . The system of claim 11 further comprising:
a database ( 40 ) having a schema ( 60 ) for storing data about computers, data files, documents and their values;
an analysis computer ( 50 ) for calculating distance (similarity) between data files, values of documents and impacts to computers;
14 . The system of claim 11 further comprising:
a table ( 100 ) for data files linked to computers;
a linking table ( 120 ) for storing the number of times each word can be found in a data file;
a word table ( 130 ) listing all parsed words found within all data files;
a document table ( 140 ) used to identify data files that are different versions of the same document and to store a security value for the document; and
a group table ( 150 ) used to identify assignments to a plurality of groups indicating computer devices' user's rank, department or business function, and for storing a value ( 160 ) of a group.Join the waitlist — get patent alerts
Track US2015237064A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.