Systems and methods for log and snort synchronized threat detection
US10462170B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 21, 2017 |
| Grant date | Oct 29, 2019 |
| Priority date | — |
| Expiry date | Jul 13, 2038 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06N20/00
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
This disclosure provides a new automated threat detection using synchronized log and Snort streams. Time segments from a log stream are correlated by time to time segments from a Snort stream that have been identified as indicating “true” incidents. To determine whether a correlated time segment is “good” or “bad,” features are extracted from the correlated time segment and used to determine tuples associated therewith, each tuple containing a message type, a location, and an out of vocabulary word in the correlated time segment. A multidimensional feature vector containing a select number of the tuples is generated and provided as input to a machine learning module which determines, based on machine intelligence, whether the correlated time segment indicates a true incident.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.