Patent · US Active

Clustering computer security attacks by threat actor based on attack features

US10454967B1 · kind B1 · utility

Cited by: 10
References: 1
Claims: 22
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 25, 2015
Grant date: Oct 22, 2019
Priority date
Expiry date: Jan 7, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Clustering is provided of computer security attacks by the threat actor based on features of the attacks. Attack data is obtained for a given attack and a plurality of features of the given attack are extracted from a plurality of attack attributes. A feature-based score is computed for the given attack based on the extracted features relative to each of a plurality of attack clusters. Each attack cluster is comprised of a plurality of attacks performed by a particular attacker. The given computer security attack is assigned to a particular attack cluster if the feature-based score for the particular attack satisfies a predefined score criteria.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.