Graph-based multi-staged attack detection and visualization in the context of an attack framework
US12368729B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 16, 2023 |
| Grant date | Jul 22, 2025 |
| Priority date | — |
| Expiry date | Nov 12, 2043 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1441
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
The present disclosure relates to a system, method, and computer program for graph-based multi-stage attack detection in which alerts are graphically visualized in the context of tactics in an attack framework. The method enables the detection of cybersecurity threats that span multiple users and sessions and provides for the display of threat information in the context of a framework of attack tactics. Alerts spanning an analysis window are grouped into tactic blocks. Each tactic block is associated with an attack tactic and a time window. A graph is created of the tactic blocks, and threat scenarios are identified from independent clusters of directionally connected tactic blocks in the graph. The threat information is visualized graphically in the context of a sequence of attack tactics in the attack framework. A user can toggle between graphical visualizations of a cluster as a whole and the individual threat scenario paths in the cluster.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.