Systems and methods for attacker temporal behavior fingerprinting and grouping with spectrum interpretation and deep learning
US10645100B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 21, 2017 |
| Grant date | May 5, 2020 |
| Priority date | — |
| Expiry date | Jun 22, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06N3/084
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Attackers may be uniquely identified by their temporal behavior patterns. Time marks and events in a time sequence between a unique pair of a source network address and a destination network address are pre-processed by a network security system to generate a temporal sequence for spectral extraction. The destination network address resides in a computer network monitored by the network security system. The temporal sequence is transformed from the time domain to the frequency domain to capture periodicity in the time sequence in a spectral vector. The spectral vector is denoised and decorrelated through deep learning to produce a spectral fingerprint that is significantly smaller than the spectral vector. The spectral fingerprint represents a temporal behavior fingerprint of an attacker associated with the source network address with respect to the destination network address over a period of time in the time sequence.
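The pre-processing and spectral-extraction steps of the abstract, sketched as an added example (not code from the patent). The 10-second bin width, the use of a discrete Fourier transform, and all function names are assumptions, the events are constructed sample data, and the deep-learning stage that compresses the spectral vector into a fingerprint is not shown.

```python
import cmath
import random

def temporal_sequence(timestamps, start, bin_seconds, n_bins):
    """Event counts per fixed-width bin for one (source, destination) pair."""
    seq = [0.0] * n_bins
    for t in timestamps:
        idx = int((t - start) // bin_seconds)
        if 0 <= idx < n_bins:          # ignore events outside the window
            seq[idx] += 1.0
    return seq

def spectral_vector(seq):
    """DFT magnitudes for frequency bins 1..N/2 of the mean-removed sequence."""
    n = len(seq)
    mean = sum(seq) / n                # drop the DC term so volume does not dominate
    centered = [x - mean for x in seq]
    return [abs(sum(x * cmath.exp(-2j * cmath.pi * k * i / n)
                    for i, x in enumerate(centered))) / n
            for k in range(1, n // 2 + 1)]

def dominant_period(mags, n_bins, bin_seconds):
    """Period in seconds of the strongest spectral component."""
    k = max(range(len(mags)), key=mags.__getitem__) + 1
    return n_bins * bin_seconds / k

def constructed_events(period, duration, jitter, seed=1):
    """Constructed sample: one event every `period` seconds with uniform jitter."""
    rng = random.Random(seed)
    return [t + rng.uniform(-jitter, jitter) for t in range(0, duration, period)]

if __name__ == "__main__":
    events = constructed_events(period=60, duration=3600, jitter=3)
    seq = temporal_sequence(events, start=0, bin_seconds=10, n_bins=360)
    mags = spectral_vector(seq)
    print("dominant period (s):", dominant_period(mags, 360, 10))
```

The jittered 60-second cadence still produces a single dominant spectral line, which is the periodicity the spectral vector is meant to capture.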
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.