Patent · US Active

Incremental causal graph learning for attack forensics in computer systems

US12407718B2 · kind B2 · utility

0Cited by

4References

20Claims

0Family size

Assignee

NEC CORPORATION · JP

Inventors

Zhengzhang Chen · Princeton Junction, US
Haifeng Chen · Ishikawa, JP
Dongjie Wang · Orlando, US

Key dates

Filing date	Jul 26, 2023
Grant date	Sep 2, 2025
Priority date	—
Expiry date	Sep 7, 2043

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1425
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A computer-implemented method for identifying attack origins is provided. The method includes detecting a trigger point from entity metrics data and key performance indicator (KPI) data, generating a learned causal graph by fusing a state-invariant causal graph with a state-dependent causal graph, backtracking from an attack detection point, via an incident backtrack and system recovery component, by using the learned causal graph to identify an attack origin when an intrusion or attack occurs, and displaying data relating to the attack origin on a visualization display for user analysis.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.