Multi-point causality tracking in cyber incident reasoning
US10956566B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 12, 2018 |
| Grant date | Mar 23, 2021 |
| Priority date | — |
| Expiry date | Apr 24, 2039 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/577
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
This disclosure provides an automatic causality tracking system that meets real-time analysis needs. It solves causality tracking for cybersecurity, preferably as three sub-tasks: backward tracking, forward tracking, and path-finding. Given a set of threat indicators, the first sub-task yields the system elements (e.g., entities such as processes, files, network sockets, and the like) that contribute information to a set of threat indicators backward in time. The second sub-task yields system elements forward in time. Given two sets of threat indicators, the third sub-task yields shortest paths between them, e.g., how the two sets of indicators are connected to one another. The system enables efficient multi-point traversal analysis with respect to a set of potential compromise points, and using data from real information flows.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.