Systems and methods for detecting security events
US9628506B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 26, 2015 |
| Grant date | Apr 18, 2017 |
| Priority date | — |
| Expiry date | Jul 9, 2035 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A computer-implemented method for detecting security events may include (1) identifying facets of candidate security events detected by a network security system, (2) assigning each of the facets of the candidate security events to one of multiple groups of facets to create permutations of the facets, (3) comparing, for each group of facets, the candidate security events according to a similarity algorithm that indicates similarity between the candidate security events, (4) generating, for each group of facets, a weak classifier for detecting security events based on a nearest neighbor graph, and (5) performing, by the network security system, a remedial action in response to classifying a candidate security event as a security threat by applying a combination of the weak classifiers for the groups of facets to the candidate security event. Various other methods, systems, and computer-readable media are also disclosed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.