Patent · US Active

System and method for determining a threat based on correlation of indicators of compromise from other sources

US10027696B1 · kind B1 · utility

153 Cited by
271 References
34 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Mar 27, 2017
Grant date: Jul 17, 2018
Priority date
Expiry date: Mar 27, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/145
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

According to one embodiment, an electronic device features processing circuitry and memory that includes a first logic and a second logic. When executed by the processing circuitry, the first logic organizes (i) a first plurality of indicators of compromise (IOCs) received from a first source, the first plurality of IOCs being caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source that is different from the first source, where an origin of the one or more IOCs is unknown. The second logic conducts a predictive analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs, and determines a threat level. The threat level signifies a degree of confidence that IOCs received from the second source are caused by the known origin of the first plurality of IOCs.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.