Patent · US Active

Inferring security incidents from observational data

US11487880B2 · kind B2 · utility

Cited by: 0
References: 0
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 13, 2019
Grant date: Nov 1, 2022
Priority date:
Expiry date: Sep 25, 2040

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2201/86
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Methods, systems, and apparatuses are provided for inferring security incidents from observational data. For example, alerts generated with respect to a set of entities by a first alert generator are received, association scores are calculated for pairs of alerts, the alerts are formed into clusters based on the association scores, and a security incident model is formed based on the clusters. The security incident model may define sequences of alerts corresponding to security incidents. Furthermore, the security incident model may be used to determine a match between additional alerts and a sequence of alerts in the security incident model and identify the additional alerts as a security incident corresponding to the sequence of alerts in the security incident model.
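As an added illustration (not code from the patent or its assignee), the pipeline the abstract describes in toy form: alert types that fire on the same entities receive a Jaccard association score, high-scoring pairs are clustered, each cluster is ordered into an alert sequence, and new alerts are matched against those sequences. The alert data, the Jaccard scoring, the 0.5 threshold and the ordering heuristic are all assumptions made for the example.

```python
# Added example (not the patent's code): a toy version of the abstract's pipeline,
# pairwise association scores -> clusters -> sequence model -> match. Data is constructed.
from collections import defaultdict
from itertools import combinations
# Constructed alerts from one alert generator: (entity, alert_type, minutes since start)
ALERTS = [
    ("host-a", "brute_force", 0), ("host-a", "new_admin", 5), ("host-a", "exfil", 9),
    ("host-b", "brute_force", 100), ("host-b", "new_admin", 104), ("host-b", "exfil", 111),
    ("host-c", "brute_force", 200), ("host-c", "new_admin", 203), ("host-c", "exfil", 210),
    ("host-d", "patch_reboot", 300), ("host-e", "patch_reboot", 400), ("host-f", "exfil", 500),
]

def association_scores(alerts):
    """Association score per pair of alert types: Jaccard overlap of the entities raising them."""
    by_type = defaultdict(set)
    for entity, kind, _ in alerts:
        by_type[kind].add(entity)
    return {(a, b): len(by_type[a] & by_type[b]) / len(by_type[a] | by_type[b])
            for a, b in combinations(sorted(by_type), 2)}

def cluster(scores, threshold):
    """Union-find: alert types linked by a score >= threshold land in one cluster."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        return x if parent[x] == x else find(parent[x])
    for (a, b), score in scores.items():
        if score >= threshold:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for kind in parent:
        groups[find(kind)].add(kind)
    return [g for g in groups.values() if len(g) > 1]

def build_model(alerts, clusters):
    """Security incident model: each cluster ordered by mean offset from the entity's first alert."""
    start, offsets = {}, defaultdict(list)
    for entity, kind, ts in sorted(alerts, key=lambda a: a[2]):
        start.setdefault(entity, ts)
        offsets[kind].append(ts - start[entity])
    mean = lambda kind: sum(offsets[kind]) / len(offsets[kind])
    return [tuple(sorted(c, key=mean)) for c in clusters]

def match_incident(model, new_alerts):
    """Return the model sequence found, in order, among the new alerts' types, else None."""
    kinds = [kind for _, kind, _ in sorted(new_alerts, key=lambda a: a[2])]
    for seq in model:
        it = iter(kinds)
        if all(kind in it for kind in seq):  # ordered subsequence test, extra alerts allowed
            return seq
    return None

MODEL = build_model(ALERTS, cluster(association_scores(ALERTS), threshold=0.5))
```

With the constructed data the unrelated `patch_reboot` alerts never join a cluster, so only the three correlated alert types form a sequence, and a new host raising them in that order (with unrelated alerts interleaved) is reported as that incident.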

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.