发明名称 |
Method and apparatus for authentication of file read events |
摘要 |
A computerized method and apparatus for distinguishing between false positive read events and true positive events of reading a file, comprising determining an amount of date read from the file, in case the amount of data exceeds a threshold generating a true positive read event, otherwise generating a false positive read event in case a decision condition is met, and an apparatus to carry out the same. |
申请公布号 |
US8782027(B2) |
申请公布日期 |
2014.07.15 |
申请号 |
US201213356658 |
申请日期 |
2012.01.24 |
申请人 |
Varonis Systems, Inc. |
发明人 |
Faitelson Yakov;Korkus Ohad;Bass David;Kaysar Yzhar;Goldstein Doron;David Oren |
分类号 |
G06F17/30 |
主分类号 |
G06F17/30 |
代理机构 |
Soroker Agmon |
代理人 |
Soroker Agmon |
主权项 |
1. A computerized method for distinguishing between false positive read events and true positive events of reading a file, comprising:
monitoring access to a file stored on a data storage device by a computer system serving as a controller; determining an amount of data read from the file during the access to the file and subsequent access to the file until a decision condition is met causing the controller to provide an indication if the access to the file is a false positive read event or a true positive read event; wherein if the amount of data read from the file exceeds a threshold value a true positive read event indication is generated, otherwise a false positive read event indication is generated, wherein the threshold is determined according to a formula: T=max(1,min(32,32−16*log(K.sub.2/K)*S/K)) wherein: T is the threshold in KB, K is the minimum size of file for which the entire file is read in KB; K.sub.2 is the minimum size of the file for which half of the file is read in KB; and S is the actual size of the file in KB. |
地址 |
NY US |