Patent · US Active

Detection of security incidents with low confidence security events

US9888024B2 · kind B2 · utility

Cited by: 9
References: 5
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 30, 2015
Grant date: Feb 6, 2018
Priority date
Expiry date: Jan 22, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L41/0604
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques are disclosed for detecting security incidents based on low confidence security events. A security management server aggregates a collection of security events received from logs from one or more devices. The security management server evaluates the collection of security events based on a confidence score assigned to each distinct type of security event. Each confidence score indicates a likelihood that a security incident has occurred. The security management server determines, based on the confidence scores, at least one threshold for determining when to report an occurrence of a security incident from the collection of security events. Upon determining that at least one security event of the collection has crossed the at least one threshold, the security management server reports the occurrence of the security incident to an analyst.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.