发明名称 |
Method and apparatus for authentication of file read events |
摘要 |
A computerized method and apparatus for distinguishing between false positive read events and true positive events of reading a file, comprising determining an amount of date read from the file, in case the amount of data exceeds a threshold generating a true positive read event, otherwise generating a false positive read event in case a decision condition is met, and an apparatus to carry out the same. |
申请公布号 |
US9639541(B2) |
申请公布日期 |
2017.05.02 |
申请号 |
US201414301351 |
申请日期 |
2014.06.11 |
申请人 |
VARONIS SYSTEMS, INC |
发明人 |
Faitelson Yakov;Korkus Ohad;Bass David;Kaysar Yzhar;Goldstein Doron;David Oren |
分类号 |
G06F17/30;G06F3/06 |
主分类号 |
G06F17/30 |
代理机构 |
Soroker Agmon Nordman |
代理人 |
Soroker Agmon Nordman |
主权项 |
1. A computerized method for designating readings from a file stored on a storage device as true positive readings and non-true positive readings, comprising:
mapping the file into sections; initializing an array of elements wherein each element correspondingly represents a section of the file; responsive to reading an amount of data from the file, assigning to each element of the array a value that represents if the section corresponding to the element is a read section or an un-read section; determining by a computerized controller linked to and interacting with the storage device a pattern of sections read from the file based on the elements of the array; quantifying the pattern by evaluating a number of elements representing read sections and/or a number of elements representing read sections in a consecutive pattern; and checking if the quantification meets an at least one condition, and responsive to the checking generating an event with a designation of a true positive reading if the quantification meets the at least one condition, otherwise, generating an event with a designation of a non-true positive reading. |
地址 |
New York NY US |