Threat detection using artifact change analysis
US11232204B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 20, 2018 |
| Grant date | Jan 25, 2022 |
| Priority date | — |
| Expiry date | Apr 12, 2039 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2201/84
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Disclosed herein are system, method, and computer program product embodiments for performing threat detection on a monitored system. The monitored system may periodically send artifacts (e.g., database records, binaries, program code, business data) to a repository for storage and creation of a snapshot. This repository is typically held in a cloud-based system. The cloud-based system can compare a snapshot of the artifacts against prior snapshots, and generate a change log. This change log can then be provided to a threat detection system for analysis. By this approach, an intrusion can potentially be detected even when system logs cannot be trusted, due to tampering or other inaccuracies.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.