Distributed detection of malicious cloud actors
US10951637B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Aug 28, 2014 |
| Grant date | Mar 16, 2021 |
| Priority date | — |
| Expiry date | Oct 11, 2035 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L43/028
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Examples relate to distributed detection of malicious cloud actors. In some examples, outgoing cloud packets from the cloud server are intercepted and processed to determine if a preliminary threshold is exceeded, where the outgoing cloud packets are used to identify a customer. At this stage, a potential outgoing intrusion event of a number of potential outgoing intrusion events is generated when the preliminary threshold is exceeded. The potential outgoing intrusions events are used to update an aggregate log, where the aggregate log tracks a customer subset of the cloud servers that is associated with the customer. In response to analyzing the aggregate log to determine that cloud traffic by the customer to the destination address exceeds an intrusion threshold, a notification of malicious activity by the customer is provided, wherein the intrusion threshold is satisfied at a higher cloud activity level than the preliminary threshold.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.