Patent · US Active

Provenance-based threat detection tools and stealthy malware detection

US11423146B2 · kind B2 · utility

Cited by: 4
References: 1
Claims: 11
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 12, 2020
Grant date: Aug 23, 2022
Priority date
Expiry date: Nov 14, 2040

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Systems and methods for a provenance based threat detection tool that builds a provenance graph including a plurality of paths using a processor device from provenance data obtained from one or more computer systems and/or networks; samples the provenance graph to form a plurality of linear sample paths, and calculates a regularity score for each of the plurality of linear sample paths using a processor device; selects a subset of linear sample paths from the plurality of linear sample paths based on the regularity score, and embeds each of the subset of linear sample paths by converting each of the subset of linear sample paths into a numerical vector using a processor device; detects anomalies in the embedded paths to identify malicious process activities, and terminates a process related to the embedded path having the identified malicious process activities.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.