Patent · US Active

Identifying attack behavior based on scripting language activity

US11870795B1 · kind B1 · utility

Cited by: 0
References: 33
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 14, 2021
Grant date: Jan 9, 2024
Priority date
Expiry date: Sep 11, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/121
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.