Patent · US Active

Method for predicting and characterizing cyber attacks

US10949534B2 · kind B2 · utility

Cited by: 12
References: 4
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 13, 2019
Grant date: Mar 16, 2021
Priority date
Expiry date: Sep 16, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1441
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

One variation of a method for predicting and characterizing cyber attacks includes: receiving, from a sensor implementing deep packet inspection to detect anomalous behaviors on the network, a first signal specifying a first anomalous behavior of a first asset on the network at a first time; representing the first signal in a first vector representing frequencies of anomalous behaviors—in a set of behavior types—of the first asset within a first time window; calculating a first malicious score representing proximity of the first vector to malicious vectors defining sets of behaviors representative of security threats; calculating a first benign score representing proximity of the first vector to a benign vector representing an innocuous set of behaviors; and in response to the first malicious score exceeding the first benign score and a malicious threshold score, issuing a first alert to investigate the network for a security threat.
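The scoring flow in the abstract can be sketched as follows; this is an added illustration, not code from the patent or its assignee. Cosine similarity stands in for "proximity", and the behavior types, reference vectors, threshold and signals are all constructed assumptions.

```python
import math
from collections import Counter

# Assumed behavior types and reference vectors (constructed for illustration).
BEHAVIOR_TYPES = ["port_scan", "failed_login", "dns_tunnel", "large_upload"]
MALICIOUS_VECTORS = [
    [5, 0, 0, 3],  # constructed: scanning followed by large uploads
    [0, 8, 2, 0],  # constructed: repeated failed logins plus DNS tunnelling
]
BENIGN_VECTOR = [0, 1, 0, 1]  # constructed: one mistyped password, one backup upload

def build_vector(signals, asset, window_start, window_end):
    """Frequency of each anomalous behavior type for one asset in [start, end)."""
    counts = Counter(
        s["behavior"] for s in signals
        if s["asset"] == asset and window_start <= s["time"] < window_end
    )
    return [counts.get(b, 0) for b in BEHAVIOR_TYPES]

def proximity(a, b):
    """Cosine similarity (assumed metric); 0.0 when either vector is all zeros."""
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(x * x for x in b))
    if norm_a == 0 or norm_b == 0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / (norm_a * norm_b)

def evaluate(vector, malicious_threshold=0.8):
    """Return (malicious_score, benign_score, alert) for one asset vector."""
    malicious_score = max(proximity(vector, m) for m in MALICIOUS_VECTORS)
    benign_score = proximity(vector, BENIGN_VECTOR)
    # Alert only when the malicious score beats both the benign score and the threshold.
    alert = malicious_score > benign_score and malicious_score > malicious_threshold
    return malicious_score, benign_score, alert

# Constructed sensor signals: asset, behavior type, time in seconds.
SIGNALS = (
    [{"asset": "10.0.0.5", "behavior": "port_scan", "time": t} for t in (10, 20, 30, 40)]
    + [{"asset": "10.0.0.5", "behavior": "large_upload", "time": t} for t in (900, 1200)]
    + [{"asset": "10.0.0.5", "behavior": "port_scan", "time": 5000}]  # outside the window
    + [{"asset": "10.0.0.9", "behavior": "failed_login", "time": 100},
       {"asset": "10.0.0.9", "behavior": "large_upload", "time": 2000}]
)

if __name__ == "__main__":
    for asset in ("10.0.0.5", "10.0.0.9"):
        vec = build_vector(SIGNALS, asset, 0, 3600)
        mal, ben, alert = evaluate(vec)
        print(f"{asset} vector={vec} malicious={mal:.3f} benign={ben:.3f} alert={alert}")
```

Because cosine similarity ignores magnitude, a single event of a type that appears only in a malicious vector can score high; a deployed system would need a metric or minimum-count rule that accounts for volume.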

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.