Global clustering of incidents based on malware similarity and online trustfulness
US9432393B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 3, 2015 |
| Grant date | Aug 30, 2016 |
| Priority date | — |
| Expiry date | Feb 3, 2035 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1441
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
In an embodiment, a method, performed by processors of a computing device for creating and storing clusters of incident data records based on behavioral characteristic values in the records and origin characteristic values in the records, the method comprising: receiving a plurality of input incident data records comprising sets of attribute values; identifying two or more first incident data records that have a particular behavioral characteristic value; using a malicious incident behavioral data table that maps sets of behavioral characteristic values to identifiers of malicious acts in the network, and a plurality of comparison operations using the malicious incident behavioral data table and the two or more first incident data records, determining whether any of the two or more first incident data records are malicious; and if so, creating a similarity behavioral cluster record that includes the two or more first incident data records.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.