Detecting and trail-continuation for attacks through remote desktop protocol lateral movement
US10887337B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | Jun 17, 2020 |
| Grant date | Jan 5, 2021 |
| Priority date | — |
| Expiry date | Jun 17, 2040 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L67/08
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Infrastructure attacks involving lateral movement are identified by monitoring system level activities using software agents deployed on respective operating systems, and constructing, based on the system level activities, an execution graph comprising execution trails. A logon session between a remote connection client executing on a first operating system and a remote connection server executing on a second operating system is identified. Behavior exhibited from the logon session is attributed to a first global execution trail in the execution graph. A reconnection to the logon session between a remote connection client executing on a third operating system and the remote connection server is then identified, and, thereafter, behavior exhibited from the logon session is attributed to a second global execution trail in the execution graph.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.