Patent · US Active

Methods and system for characterizing infrastructure security-related events

US10630715B1 · kind B1 · utility

Cited by: 5
References: 10
Claims: 12
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 25, 2019
Grant date: Apr 21, 2020
Priority date
Expiry date: Jul 25, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/14
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A novel enterprise security solution allows for precise interception and surgical response to attack progression, in real time, as it occurs across a distributed infrastructure. The solution includes a data monitoring and management framework that continually models system level host and network activities as mutually exclusive infrastructure wide execution sequences and bucketizes them into unique execution trails. A multimodal intelligent security middleware detects indicators of compromise in real-time on top of subsets of each unique execution trail using rule based behavioral analytics, machine learning based anomaly detection, and other sources. Each detection result dynamically contributes to aggregated risk scores at execution trail level granularities. These scores can be used to prioritize and identify highest risk attack trails to end users, along with steps that such end users can perform to mitigate further damage and progression of an attack.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.