System and method for detecting security risks in a computer system

Assignee

• NEC CORPORATION · JP

Inventors

• Ding Li · Superior, US
• Xusheng Xiao · Cleveland, US
• Zhichun Li · Princeton, US
• Guofei Jiang · Princeton, US
• Peng Gao · Nanhu, CN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/577
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A system and method are provided for identifying security risks in a computer system. The system includes an event stream generator configured to collect system event data from the computer system. The system further includes a query device configured to receive query requests that specify parameters of a query. Each query request includes at least one anomaly model. The query request and the anomaly model are included in a first syntax in which a system event is expressed as {subject-operation-object}. The system further includes a detection device configured to receive at least one query request from the query device and continuously compare the system event data to the anomaly models of the query requests to detect a system event that poses a security risk. The system also includes a reporting device configured to generate an alert for system events that pose a security risk detected by the detection device.