Anomaly-based malicious-behavior detection
US11277423B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Feb 22, 2019 |
| Grant date | Mar 15, 2022 |
| Priority date | — |
| Expiry date | Jan 12, 2040 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/121
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Example techniques detect incidents based on events from or at monitored computing devices. A control unit can detect events of various types within a time interval and aggregate the detected events into an incident. The control unit can detect patterns within the events based at least in part on a predetermined criterion. In examples, the control unit can determine pattern scores for the patterns based on the probability of occurrence for the patterns and determine a composite score based on the pattern scores. The control unit can determine that an incident indicating malicious activity has been detected based in part on determining that the composite score is above a predetermined threshold score. In some examples, the control unit can classify and rank the incidents. The control unit can determine if an incident indicates malicious activity including malware or targeted attack.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.