Patent · US Active

Detecting malicious beaconing communities using lockstep detection and co-occurrence graph

US10887323B2 · kind B2 · utility

1Cited by

2References

20Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Jiyong Jang · Ossining, US
Dhilung Hang Kirat · White Plains, US
Bum Jun Kwon · College Park, US
Douglas Lee Schales · Campion Road, US
Marc Philippe Stoecklin · Bern, CH

Key dates

Filing date	Jun 19, 2017
Grant date	Jan 5, 2021
Priority date	—
Expiry date	Oct 5, 2039

Classification

Technology area (CPC H)Electricity
CPC primaryH04L2463/144
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A computer-implemented method (and apparatus) includes receiving input data comprising bipartite graph data in a format of source MAC (Machine Access Code) data versus destination IP (Internet Protocol) data and timestamp information. The input bipartite graph data is provided into a first processing to detect malicious beaconing activities using a lockstep detection method on the input bipartite graph data to detect possible synchronized attacks against a targeted infrastructure. The input bipartite graph data is also provided into a second processing, the second processing initially converting the bipartite graph data into a co-occurrence graph format that indicates in a graph format how devices in the targeted infrastructure communicate with different external destination servers over time. The second processing detects malicious beaconing activities by analyzing data exchanges with the external destination servers to detect anomalies.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.