USING A CHARACTERISTIC OF A PROCESS INPUT/OUTPUT (I/O) ACTIVITY AND DATA SUBJECT TO THE I/O ACTIVITY TO DETERMINE WHETHER THE PROCESS IS A SUSPICIOUS PROCESS

USING A CHARACTERISTIC OF A PROCESS INPUT/OUTPUT (I/O) ACTIVITY AND DATA SUBJECT TO THE I/O ACTIVITY TO DETERMINE WHETHER THE PROCESS IS A SUSPICIOUS PROCESS

Provided are a computer program product, system, and method for detecting a security breach in a system managing access to a storage. Process Input/Output (I/O) activity by a process accessing data in a storage is monitored. A determination is made of a characteristic of the data subject to the I/O...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Gupta, Lokesh M, Borlick, Matthew G
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Provided are a computer program product, system, and method for detecting a security breach in a system managing access to a storage. Process Input/Output (I/O) activity by a process accessing data in a storage is monitored. A determination is made of a characteristic of the data subject to the I/O activity from the process. A determination is made as to whether a characteristic of the process I/O activity as compared to the characteristic of the data satisfies a condition. The process initiating the I/O activity is characterized as a suspicious process in response to determining that the condition is satisfied. A security breach is indicated in response to characterizing the process as the suspicious process.