Patent · US Active

Method and apparatus for aggregating indicators of compromise for use in network security

US9985982B1 · kind B1 · utility

57Cited by

10References

19Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Karel Bartos · Praha, CZ
Michal Sofka · Princeton, US
Vojtech Franc · Roudnice nad Labem, CZ
Jiri Havelka · Chodov, CZ

Key dates

Filing date	Dec 21, 2015
Grant date	May 29, 2018
Priority date	—
Expiry date	Jun 9, 2036

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/20
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

In one embodiment, a method includes receiving at a security analysis device a plurality of indicators of compromise (IOCs) associated with an entity, sorting at the security analysis device, the IOCs based on a time of occurrence of each of the IOCs, creating a representation of transitions between the IOCs at the security analysis device, and generating at the security analysis device, a feature vector based on the representation of transitions. The feature vector is configured for use by a classifier in identifying malicious entities. An apparatus and logic are also disclosed herein.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.