Patent · US Active

Automated threat alert triage via data provenance

US11194906B2 · kind B2 · utility

1Cited by

4References

17Claims

0Family size

Assignee

NEC CORPORATION · JP

Inventors

Ding Li · Superior, US
Kangkook Jee · Princeton, US
Zhengzhang Chen · Princeton Junction, US
Zhichun Li · Princeton, US
Wajih Ul Hassan · Champaign, US

Key dates

Filing date	Jul 10, 2019
Grant date	Dec 7, 2021
Priority date	—
Expiry date	Mar 23, 2040

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method for implementing automated threat alert triage via data provenance includes receiving a set of alerts and security provenance data, separating true alert events within the set of alert events corresponding to malicious activity from false alert events within the set of alert events corresponding to benign activity based on an alert anomaly score assigned to the at least one alert event, and automatically generating a set of triaged alert events based on the separation.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.