Real-time alert reasoning and priority-based campaign discovery

Assignee

• International Business Machines Corporation · US

Inventors

• Yushan Liu · Xiamen, CN
• Xiaokui Shu · Ossining, US
• Douglas Lee Schales · Campion Road, US
• Marc Philippe Stoecklin · Bern, CH

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1483
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Advanced Persistent Threat (APT) defense leverages priority-based tracking around alerts, together with priority-based alert reasoning task scheduling. In one embodiment, individual alert reasoning tasks are managed by an alert scheduler, which effectively allocates available computation resources to prioritize the alert reasoning tasks, which each execute within processing workers that are controlled by the alert scheduler. An alert reasoning task typically is prioritized (relative to other such tasks) according to one or more factors, such as severity levels, elapsed time, and other tracking results. By implementing priority-based task scheduling, the task scheduler provides for alert reasoning tasks that are interruptible. In this approach, and once an alert is assigned to a task and the task assigned a worker, priority-based connectivity tracker around each alert is carried out to provide further computational efficiency.