Field of the Invention
The present invention relates to systems and methods for using cognitive fingerprints. More particularly, the present invention relates to an apparatus and method for creating a core cognitive fingerprint representing a system state and various embodiments for the use of such cognitive fingerprints.
Description of the Related Art
In the security field, most anti-virus (AV) products rely on pre-computed signatures to identify viruses and threats. However, there is not always enough time for a threat to be found and analyzed, a signature engineered, and an update delivered to users before they are targeted.
Similarly, methods are needed to prevent data theft by unauthorized users. For example, if login credentials for an individual user fall into unauthorized hands, the party possessing these credentials may be able to log into a system or network for which these credentials provide access, and over time, remove proprietary or confidential information from a secure environment. Thus, there exists a need to detect the scenario where legitimate login credentials are being utilized by unauthorized persons, particularly when the theft of data is “subtle” and occurs over a period of time. Multi-factor authentication schemes such as retina and fingerprint scans can address the issue of validating identity, however they can be defeated or circumvented such as when an authorized user indulges in unauthorized removal or theft of information. Additionally, it can be cost-prohibitive to put such defenses in a typical business network at all entry points, such as desktop computers, mobile endpoints and Thin clients.
Methods are needed to detect when legitimate users with authorized credentials are still engaging in unauthorized behavior. Recently, there have been a number of high-profile incidents where an authorized user engages in behavior beyond the scope of their authorization and subsequently steals and releases confidential information. While access control limitations (such as attaching permissions to data) exist, these protections do not protect widespread data theft when a user has legitimate access to the data. Thus, there exists a need to detect atypical behavior by a user on a network to prevent such security breaches.
The use of neural network based recognition systems is common within many industries. These systems typically process inputs as sequences of bits which are connected to a number of cells. These approaches are theoretically content agnostic in that they do not have to account differently for text, images or other forms of input. But in practice, this generality can impose penalties in the form of slower learning processes, and the necessity of creating “deep” structures in order to capture enough pattern information that would allow the system to deliver meaningful results and subsequent recognition.
Other learning approaches are highly tuned to the type of content being processed. For example, some Inductive Logic Programming (ILP) methods process higher-level concepts such as “facts” and “truths” and encode their implications to create reasoning chains. These approaches typically require developing evaluators for context-specific attributes. In many instances, approaches like ILP lack flexibility because they require a lot of domain specific information, customization, and they may not scale to handle variations of problems from adjacent domains.