Intelligent system for detecting multistage attacks

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Anisha MAZUMDER · Bellevue, US
• Craig Wittenberg · Mercer Island, US
• Daniel Lee MACE · Bellevue, US
• Haijun ZHAI · Bothell, US
• Seetharaman Harikrishnan · Redmond, US
• Ram Kumar · Corcoran, US
• Yogesh K. ROY · Redmond, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N7/08
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Provided herein are methods, systems, and computer program products for intelligent detection of multistage attacks which may arise in computer environments. Embodiments herein leverage adaptive graph-based machine-learning solutions that can incorporate rules as well as supervised learning for detecting multistage attacks. Multistage attacks and attack chains may be detected or identified by collecting data representing events, detections, and behaviors, determining relationships among various data, and analyzing the data and associated relationships. A graph of events, detections, and behaviors which are connected by edges representing relationships between nodes of the graph may be constructed and then subgraphs of the possibly enormous initial graph may be identified which represent likely attacks.