Graph-based multi-staged attack detection in the context of an attack framework
US12063226B1 · kind B1 · utility
Assignee
Inventors
Key dates

| Date | Value |
|---|---|
| Filing date | Sep 24, 2021 |
| Grant date | Aug 13, 2024 |
| Priority date | — |
| Expiry date | Nov 15, 2042 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1433
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
The present disclosure relates to a system, method, and computer program for graph-based multi-stage attack detection in which alerts are displayed in the context of tactics in an attack framework, such as the MITRE ATT&CK framework. The method enables the detection of cybersecurity threats that span multiple users and sessions and provides for the display of threat information in the context of a framework of attack tactics. Alerts spanning an analysis window are grouped into tactic blocks. Each tactic block is associated with an attack tactic and a time window. A graph is created of the tactic blocks, and threat scenarios are identified from independent clusters of directionally connected tactic blocks in the graph. The threat information is presented in the context of a sequence of attack tactics in the attack framework.
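As an added illustration of the pipeline the abstract describes (this is not code from the patent or its assignee): alerts are bucketed into tactic blocks by tactic and time window, blocks are joined by directed edges, and each independent cluster is reported as a threat scenario in framework tactic order. The tactic sequence, the one-hour window, and the rule that links blocks sharing a user or host are assumptions made for the example.

```python
from collections import defaultdict
# Constructed stand-in for the framework's tactic sequence (assumption: the
# abstract does not list the tactics it orders by).
TACTIC_ORDER = ["Initial Access", "Execution", "Persistence",
                "Credential Access", "Lateral Movement", "Exfiltration"]
RANK = {t: i for i, t in enumerate(TACTIC_ORDER)}
WINDOW = 3600  # seconds per tactic-block time window (assumed value)
# Constructed sample alerts as (ts, tactic, user, host): one chain that
# crosses from user alice to user bob, plus an unrelated alert for carol.
SAMPLE_ALERTS = [
    (0, "Initial Access", "alice", "ws1"), (1200, "Execution", "alice", "ws1"),
    (7500, "Credential Access", "alice", "ws1"),
    (9000, "Lateral Movement", "bob", "ws1"), (11000, "Exfiltration", "bob", "srv2"),
    (2000, "Persistence", "carol", "ws9"),
]

def tactic_blocks(alerts, window=WINDOW):
    """Group alerts into tactic blocks keyed by (tactic, window start)."""
    blocks = defaultdict(list)
    for ts, tactic, user, host in alerts:
        blocks[(tactic, ts // window * window)].append((user, host))
    return dict(blocks)

def build_graph(blocks):
    """Directed edges A->B: B's tactic is later in the framework, B's window is
    not earlier than A's, and they share a user or host (linking rule assumed)."""
    ents = {k: {e for pair in v for e in pair} for k, v in blocks.items()}
    return [(a, b) for a in blocks for b in blocks
            if RANK[b[0]] > RANK[a[0]] and b[1] >= a[1] and ents[a] & ents[b]]

def threat_scenarios(blocks, edges):
    """Each weakly connected cluster of 2+ blocks is one scenario, reported
    as its tactic sequence in framework order."""
    und = defaultdict(set)
    for a, b in edges:
        und[a].add(b); und[b].add(a)
    seen, scenarios = set(), []
    for start in blocks:
        comp, stack = [], [start]
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n); comp.append(n); stack.extend(und[n])
        if len(comp) > 1:
            comp.sort(key=lambda k: (RANK[k[0]], k[1]))
            scenarios.append([k[0] for k in comp])
    return scenarios
def detect(alerts):
    blocks = tactic_blocks(alerts)
    return threat_scenarios(blocks, build_graph(blocks))
```

Dropping the Lateral Movement alert breaks the user-crossing link, so the Exfiltration block is left isolated and the reported scenario ends at Credential Access.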
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.