	US 11,991,192 B2
	Intruder detection for a network
Manav Ratan Mital, Mountain View, CA (US); Srinivas Nageswarrao Vadlamani, San Jose, CA (US); Pramod Chandraiah, Pleasanton, CA (US); Pedro Henrique Bragioni Las-Casas, Belo Horizonte (BR); Kaizen Navid Towfiq, San Rafael, CA (US); and Timothy Do Nguyen, San Jose, CA (US)
Assigned to Cyral Inc., Milpitas, CA (US)
Filed by Cyral Inc., Milpitas, CA (US)
Filed on Jul. 15, 2022, as Appl. No. 17/866,269.
Application 17/866,269 is a continuation of application No. 16/900,619, filed on Jun. 12, 2020, granted, now 11,477,217.
Application 16/900,619 is a continuation in part of application No. 16/548,732, filed on Aug. 22, 2019, granted, now 11,477,196.
Claims priority of provisional application 62/891,795, filed on Aug. 26, 2019.
Claims priority of provisional application 62/840,847, filed on Apr. 30, 2019.
Claims priority of provisional application 62/758,223, filed on Nov. 9, 2018.
Claims priority of provisional application 62/733,013, filed on Sep. 18, 2018.
Prior Publication US 2022/0353283 A1, Nov. 3, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)

CPC H04L 63/1416 (2013.01) [H04L 63/166 (2013.01); H04L 63/168 (2013.01); H04L 63/1441 (2013.01)]

19 Claims

1. A method of intruder detection, comprising:

intercepting communications for a data source in an organization;

analyzing the communications to identify an intruder detection signature, the analyzing including

determining whether at least a portion of the communications match a behavioral baseline for the data source, the behavioral baseline being dynamically updated using the communications;

determining an intrusion for a communication of the communications based on the intruder detection signature, the determining the intrusion including identifying at least one of the communications as matching the intruder detection signature in response to the at least one of the communications failing to match the behavioral baseline; and

generating an alarm based on the intrusion.