Patents by Inventor Sean Riley Dyer
Sean Riley Dyer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10965706
Abstract: A computing device determines a peer group identifier and supplements netflow records with the peer group identifier. An authentication event block object is received that was sent to a first source window. The authentication event block object includes a user identifier, an IP address, and a peer group identifier. Members of the peer group are identified based on an expected network activity behavior. The user identifier and the peer group identifier are stored in association with the IP address in a cache. A netflow event block object sent to the first source window is received that includes a netflow packet IP address. Netflow data is parsed from the netflow event block object into a netflow record. When the stored IP address matches the netflow packet IP address, the netflow record is supplemented with the user identifier and the peer group identifier. The supplemented netflow record is output to summary data.
Type: Grant
Filed: September 30, 2020
Date of Patent: March 30, 2021
Assignee: SAS Institute Inc.
Inventors: Bryan C. Harris, Alexius Kofi Ameyaw Boakye, Jr., Sean Riley Dyer, Christopher Francis Smith
-
Publication number: 20210014259
Abstract: A computing device determines a peer group identifier and supplements netflow records with the peer group identifier. An authentication event block object is received that was sent to a first source window. The authentication event block object includes a user identifier, an IP address, and a peer group identifier. Members of the peer group are identified based on an expected network activity behavior. The user identifier and the peer group identifier are stored in association with the IP address in a cache. A netflow event block object sent to the first source window is received that includes a netflow packet IP address. Netflow data is parsed from the netflow event block object into a netflow record. When the stored IP address matches the netflow packet IP address, the netflow record is supplemented with the user identifier and the peer group identifier. The supplemented netflow record is output to summary data.
Type: Application
Filed: September 30, 2020
Publication date: January 14, 2021
Inventors: Bryan C. Harris, Alexius Kofi Ameyaw Boakye, JR., Sean Riley Dyer, Christopher Francis Smith
-
Patent number: 10841326
Abstract: An authentication packet including a user identifier is received. The user identifier identifies a user of a second computing device being monitored by the first computing device. Authentication data is parsed from the authentication packet. A peer group identifier is determined that identifies a peer group to which the user is assigned. Members of the peer group are identified based on an expected network activity behavior. The authentication data and the peer group identifier are buffered into a first event block object and into a second event block object. The first event block object is sent to a first source window of an event stream processing engine (ESPE) that processes a netflow packet. The second event block object is sent to a second source window of the ESPE that processes the authentication packet. The first source window and the second source window are different source windows of the ESPE.
Type: Grant
Filed: October 8, 2019
Date of Patent: November 17, 2020
Assignee: SAS Institute Inc.
Inventors: Bryan C. Harris, Glen R. Goodwin, Sean Riley Dyer, Alexius Kofi Ameyaw Boakye, Jr., Christopher Francis Smith, Pankaj Ramesh Telang, Damian Tane Herrick
-
Publication number: 20200045071
Abstract: An authentication packet including a user identifier is received. The user identifier identifies a user of a second computing device being monitored by the first computing device. Authentication data is parsed from the authentication packet. A peer group identifier is determined that identifies a peer group to which the user is assigned. Members of the peer group are identified based on an expected network activity behavior. The authentication data and the peer group identifier are buffered into a first event block object and into a second event block object. The first event block object is sent to a first source window of an event stream processing engine (ESPE) that processes a netflow packet. The second event block object is sent to a second source window of the ESPE that processes the authentication packet. The first source window and the second source window are different source windows of the ESPE.
Type: Application
Filed: October 8, 2019
Publication date: February 6, 2020
Inventors: Bryan C. Harris, Glen R. Goodwin, Sean Riley Dyer, Alexius Kofi Ameyaw Boakye, JR., Christopher Francis Smith, Pankaj Ramesh Telang, Damian Tane Herrick
-
Patent number: 10498755
Abstract: A computing device computes a risk score for a user using a device based on a peer group identifier. Network activity measures characterize use of the device by the user. For each unique peer group identifier included in netflow records, a mean value is computed of each network activity measure. For each unique IP address and user identifier combination included in the netflow records, the mean value of each network activity measure is selected for a peer group identifier of the user; a risk score is computed by comparing each network activity measure for the unique IP address and user identifier combination to the selected mean value for the respective network activity measure; and when the risk score exceeds a predefined alert threshold, a high risk alert indicator is set indicating that the device is being used in an anomalous manner relative to other devices monitored by the computing device.
Type: Grant
Filed: June 27, 2018
Date of Patent: December 3, 2019
Assignee: SAS INSTITUTE INC.
Inventors: Bryan C. Harris, Glen R. Goodwin, Sean Riley Dyer, Alexius Kofi Ameyaw Boakye, Jr., Christopher Francis Smith, Pankaj Ramesh Telang, Damian Tane Herrick, Edwin Kenton Brown, Justin Conrad Fleck
-
Publication number: 20180332064
Abstract: A computing device computes a risk score for a user using a device based on a peer group identifier. Network activity measures characterize use of the device by the user. For each unique peer group identifier included in netflow records, a mean value is computed of each network activity measure. For each unique IP address and user identifier combination included in the netflow records, the mean value of each network activity measure is selected for a peer group identifier of the user; a risk score is computed by comparing each network activity measure for the unique IP address and user identifier combination to the selected mean value for the respective network activity measure; and when the risk score exceeds a predefined alert threshold, a high risk alert indicator is set indicating that the device is being used in an anomalous manner relative to other devices monitored by the computing device.
Type: Application
Filed: June 27, 2018
Publication date: November 15, 2018
Inventors: Bryan C. Harris, Glen R. Goodwin, Sean Riley Dyer, Alexius Kofi Ameyaw Boakye, JR., Christopher Francis Smith, Pankaj Ramesh Telang, Damian Tane Herrick, Edwin Kenton Brown, Justin Conrad Fleck