Patent · US Active

Identifying attack behavior based on scripting language activity

US11038905B2 · kind B2 · utility

3Cited by

24References

34Claims

0Family size

Assignee

Splunk Inc. · US

Inventors

Joseph Auguste Zadeh · Sunnyvale, US
Rodolfo Soto · Miramar, US
Madhupreetha Chandrasekaran · Sunnyvale, US
Yijiang Li · Lo Wu, CN

Key dates

Filing date	Jan 25, 2017
Grant date	Jun 15, 2021
Priority date	—
Expiry date	Mar 17, 2037

Classification

Technology area (CPC H)Electricity
CPC primaryH04L2463/121
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.