Abstract: The method and system of the present disclosure relate to facilitating network security. The method includes configuring a network comprising a plurality of devices, each of which is provided with sensors for detecting security threats. Further, a security grid of the network is generated, in which the sensors of one device may interact with the sensors of other devices. The system may continuously monitor the activities of the devices and learn from them. Based on this monitoring and learning, a behavior pattern is generated for each device. Further, the system captures the current activity of a device and compares it with the behavior pattern to determine the deviation. The system may consider other factors, such as the context of the operating environment and occurrences of the same activity on other devices in the security grid, to determine the genuineness of the deviation. If the device is determined to be anomalous, the system generates curative actions for addressing the abnormality of the device. FIG. 1
Claims:
WE CLAIM:
1. A method of facilitating network security, the method comprising:
configuring, by a security system (102), a network comprising a plurality of devices (103) associated with the security system (102), wherein each of the plurality of devices (103) is provided with one or more sensors (104) for detecting one or more security threats or anomalies in behavior of the plurality of devices (103);
generating, by the security system (102), a security grid (105) for the network by using the plurality of devices (103) such that the one or more sensors (104) of one device (103), of the plurality of devices (103), are peered with the one or more sensors (104) of other devices (103);
building, by the security system (102), a behavior pattern (214) corresponding to each of the plurality of devices (103), wherein the behavior pattern (214) is built by continuously monitoring and learning from one or more security-related events being captured by the one or more sensors (104);
capturing, by the security system (102), an activity (216) performed by at least one device (103) of the plurality of devices (103);
identifying, by the security system (102), a context of an operating environment of the network when the activity (216) is performed, wherein the operating environment comprises one or more operating parameters (218) of the network;
determining, by the security system (102),
a deviation of the at least one device (103) by comparing the activity (216) with the behavior pattern (214) associated with the at least one device (103),
a level of the deviation based on the context of the operating environment, and
occurrences of the activity (216) performed by the other devices (103), apart from the at least one device (103), of the plurality of devices (103); and
tagging, by the security system (102), the at least one device as an anomalous device or a non-anomalous device based on the level of deviation and the occurrences of the activity (216).
2. The method as claimed in claim 1, wherein the activity (216) includes at least one of login activity, email reading, opening of an attachment, browsing internet, visiting website, downloading software, and installing software.
3. The method as claimed in claim 1, wherein the one or more sensors (104) include at least one of an anti-malware sensor, an anti-phishing sensor, an anti-bot sensor, an anti-data-theft sensor, and an anti-ransomware sensor.
4. The method as claimed in claim 1, wherein the one or more security-related events are associated with at least one of a network environment, processes, services, a registry, and hardware interrupts.
5. The method as claimed in claim 1, wherein the one or more operating parameters (218) include a geography associated with the plurality of devices (103), a type of network, a type of applications, and a type of operating system running on the plurality of devices (103).
6. The method as claimed in claim 1, further comprising generating one or more curative actions (220) for the at least one device (103) and the other devices (103) when the at least one device (103) is determined to be the anomalous device, wherein the one or more curative actions (220) are generated to address the anomaly in behavior of the at least one device (103) and the other devices (103) due to the deviation.
7. The method as claimed in claim 6, further comprising transmitting the one or more curative actions (220) to the at least one device (103) and the other devices (103).
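As an added illustration of the method of claims 1 to 7 (example code written for this page, not from the patent or its applicant): per-device behavior patterns are learned from constructed sensor events, an observed activity is scored against them, the level is scaled by a context weight, occurrences on peered devices in the grid are counted, the device is tagged, and curative actions are produced. The grid topology, context weights, thresholds, device ids and action names are all assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed baseline sensor events as (device_id, activity) pairs; device ids
# and activity labels are placeholders chosen for this example, not patent values.
BASELINE_EVENTS = [
    ("dev-A", "login"), ("dev-A", "email_read"), ("dev-A", "browse"),
    ("dev-A", "login"), ("dev-A", "email_read"),
    ("dev-B", "login"), ("dev-B", "browse"), ("dev-B", "install_software"),
    ("dev-C", "login"), ("dev-C", "email_read"),
]
# Security grid (105): which devices' sensors are peered with which (assumed topology).
GRID = {"dev-A": ("dev-B", "dev-C"), "dev-B": ("dev-A", "dev-C"), "dev-C": ("dev-A", "dev-B")}
# Operating parameter (218) weights: the same deviation weighs more on an untrusted network (assumption).
CONTEXT_WEIGHTS = {"corporate_wifi": 1.0, "public_wifi": 1.5, "unknown": 2.0}

def build_behavior_patterns(events):
    """Behavior pattern (214): relative frequency of each activity per device."""
    counts = defaultdict(Counter)
    for dev, act in events:
        counts[dev][act] += 1
    return {dev: {a: n / sum(c.values()) for a, n in c.items()} for dev, c in counts.items()}

def deviation(pattern, activity):
    """Raw deviation: 1.0 for an activity never seen on the device, lower for familiar ones."""
    return 1.0 - pattern.get(activity, 0.0)

def deviation_level(raw, context):
    """Level of deviation: raw deviation scaled by the operating-environment context."""
    return raw * CONTEXT_WEIGHTS.get(context.get("network_type"), CONTEXT_WEIGHTS["unknown"])

def peer_occurrences(device, activity, recent_events):
    """Number of peer devices in the grid that recently performed the same activity."""
    peers = set(GRID.get(device, ()))
    return len({d for d, a in recent_events if d in peers and a == activity})

def tag_device(patterns, device, activity, context, recent_events,
               level_threshold=1.2, peer_threshold=2):
    """Tag anomalous only if the level is high AND few peers share the activity; an activity
    common across the grid is treated as an environment-wide change rather than an anomaly."""
    level = deviation_level(deviation(patterns.get(device, {}), activity), context)
    peers = peer_occurrences(device, activity, recent_events)
    anomalous = level >= level_threshold and peers < peer_threshold
    return {"device": device, "level": round(level, 2), "peer_occurrences": peers, "anomalous": anomalous}

def curative_actions(result):
    """Curative actions (220) for the tagged device and its peers; action names are placeholders."""
    if not result["anomalous"]:
        return {}
    peers = GRID.get(result["device"], ())
    return {result["device"]: ["quarantine", "full_scan"], **{p: ["targeted_scan"] for p in peers}}
```

A device with no learned pattern and no grid peers falls through to the "unknown" context weight and zero peer occurrences, so it is tagged on its raw deviation alone.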
8. A security system (102) for facilitating network security, the system comprising:
a processor; and
a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, causes the processor to:
configure a network comprising a plurality of devices (103) associated with the security system (102), wherein each of the plurality of devices (103) is provided with one or more sensors (104) for detecting one or more security threats or anomalies in behavior of the plurality of devices (103);
generate a security grid (105) for the network by using the plurality of devices (103) such that the one or more sensors (104) of one device (103), of the plurality of devices (103), are peered with the one or more sensors (104) of other devices (103);
build a behavior pattern (214) corresponding to each of the plurality of devices (103), wherein the behavior pattern (214) is built by continuously monitoring and learning from one or more security-related events being captured by the one or more sensors (104);
capture an activity (216) performed by at least one device (103) of the plurality of devices (103);
identify a context of an operating environment of the network when the activity (216) is performed, wherein the operating environment comprises one or more operating parameters (218) of the network;
determine,
a deviation of the at least one device (103) by comparing the activity (216) with the behavior pattern (214) associated with the at least one device (103),
a level of the deviation based on the context of the operating environment, and
occurrences of the activity (216) performed by the other devices (103), apart from the at least one device (103), of the plurality of devices (103); and
tag the at least one device (103) as an anomalous device or a non-anomalous device based on the level of deviation and the occurrences of the activity (216).
9. The security system (102) claimed in claim 8, wherein the activity (216) includes at least one of login activity, email reading, opening of an attachment, browsing internet, visiting website, downloading software, and installing software.
10. The security system (102) as claimed in claim 8, wherein the one or more sensors (104) include at least one of an anti-malware sensor, an anti-phishing sensor, an anti-bot sensor, an anti-data-theft sensor, and an anti-ransomware sensor.
11. The security system (102) as claimed in claim 8, wherein the one or more security-related events are associated with at least one of a network environment, processes, services, a registry, and hardware interrupts.
12. The security system (102) as claimed in claim 8, wherein the one or more operating parameters (218) include a geography associated with the plurality of devices (103), a type of network, a type of applications, and a type of operating system running on the plurality of devices (103).
13. The security system (102) as claimed in claim 8, wherein the processor (204) is further configured to generate one or more curative actions (220) for the at least one device (103) and the other devices (103) when the at least one device (103) is determined to be the anomalous device, wherein the one or more curative actions (220) are generated to address the anomaly in behavior of the at least one device (103) and the other devices (103) due to the deviation.
14. The security system (102) claimed in claim 13, wherein the processor (204) is further configured to transmit the one or more curative actions (220) to the at least one device (103) and the other devices (103).
Dated this 20th day of March, 2017
Swetha SN
Of K&S Partners
agent for the Applicant
Description:
TECHNICAL FIELD
The present subject matter relates, in general, to network security and, more particularly but not exclusively, to a method and system for facilitating network security.