WO2018217259A3 - Peer-based abnormal host detection for enterprise security systems - Google Patents

Peer-based abnormal host detection for enterprise security systems

Info

Publication number
WO2018217259A3
Authority
WO
WIPO (PCT)
Prior art keywords
behavior
target host
peer
security systems
enterprise security
Prior art date
Application number
PCT/US2018/019829
Other languages
English (en)
Other versions
WO2018217259A2 (fr)
Inventor
Zhengzhang CHEN
Luan Tang
Zhichun Li
Cheng Cao
Original Assignee
Nec Laboratories America, Inc
Priority date
Filing date
Publication date
Priority claimed from US15/902,432 (US10476754B2)
Priority claimed from US15/902,369 (US10476753B2)
Priority claimed from US15/902,318 (US10367842B2)
Application filed by Nec Laboratories America, Inc
Publication of WO2018217259A2
Publication of WO2018217259A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2218/00 Aspects of pattern recognition specially adapted for signal processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V20/00 Scenes; Scene-specific elements
    • G06V20/40 Scenes; Scene-specific elements in video content
    • G06V20/44 Event detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Debugging And Monitoring (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Systems and methods for determining a risk level of a host in a network include modeling (402) the behavior of a target host based on historical events recorded at the target host. One or more original peer hosts whose behavior is similar to the behavior of the target host are determined (404). An anomaly score for the target host is determined (406) based on how the behavior of the target host changes relative to the behavior of the original peer host(s) over time. A security management action is performed based on the anomaly score.
PCT/US2018/019829 2017-02-27 2018-02-27 Peer-based abnormal host detection for enterprise security systems WO2018217259A2 (fr)
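The following is an added toy illustration of the pipeline the abstract describes (it is not the patent's own code); the event logs, the histogram-of-event-types behavior model, cosine similarity as the peer metric and the 0.5 thresholds are all constructed assumptions.

```python
# Added illustration, not the patent's code: behavior model -> peers -> drift score -> action.
from collections import Counter
from math import sqrt

def behavior_vector(events):
    """Step 402: model a host's behavior as a normalised histogram of event types."""
    counts = Counter(events)
    total = sum(counts.values()) or 1
    return {k: v / total for k, v in counts.items()}

def cosine(a, b):
    """Similarity between two behavior vectors (0 = unrelated, 1 = identical)."""
    dot = sum(a.get(k, 0.0) * b.get(k, 0.0) for k in set(a) | set(b))
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def find_peers(target, history, k=2, min_sim=0.5):
    """Step 404: up to k hosts whose baseline (window 0) behavior is closest to the
    target's; hosts below min_sim are not peers at all (a lone host cannot be scored)."""
    base = {h: behavior_vector(w[0]) for h, w in history.items()}
    sims = {h: cosine(base[target], base[h]) for h in history if h != target}
    ranked = sorted((h for h in sims if sims[h] >= min_sim), key=lambda h: -sims[h])
    return ranked[:k]

def anomaly_score(target, history, window, k=2):
    """Step 406: drop in mean similarity to the peers between baseline and `window`."""
    peers = find_peers(target, history, k)
    if not peers:
        return 0.0  # nothing to compare against: report as unscorable, not as normal
    def sim_at(w):
        t = behavior_vector(history[target][w])
        return sum(cosine(t, behavior_vector(history[p][w])) for p in peers) / len(peers)
    return sim_at(0) - sim_at(window)

def triage(history, window, threshold=0.5):
    """Security management action: hosts whose drift exceeds the threshold, worst first."""
    scores = {h: anomaly_score(h, history, window) for h in history}
    return [h for h, s in sorted(scores.items(), key=lambda x: -x[1]) if s >= threshold]

# Constructed logs, two windows per host; db-01 diverges from its peers in window 1.
HISTORY = {
    "db-01": [["sql", "sql", "ssh", "sql", "backup"], ["sql", "smb", "smb", "smb", "ssh", "ssh"]],
    "db-02": [["sql", "sql", "ssh", "sql", "backup"], ["sql", "sql", "ssh", "sql", "backup"]],
    "db-03": [["sql", "sql", "ssh", "backup", "sql"], ["sql", "sql", "ssh", "backup", "sql"]],
    "web-01": [["http", "http", "http", "dns"], ["http", "http", "dns", "http"]],
}

if __name__ == "__main__":
    print("flagged:", triage(HISTORY, 1))  # db-01 only
```

Note that a drifting host also lowers the score of the stable hosts that count it as a peer (db-02 and db-03 here), which is why ranking relative to a threshold, not the raw score alone, drives the action.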

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US201762463976P 2017-02-27 2017-02-27
US62/463,976 2017-02-27
US15/902,432 US10476754B2 (en) 2015-04-16 2018-02-22 Behavior-based community detection in enterprise information networks
US15/902,318 2018-02-22
US15/902,369 US10476753B2 (en) 2015-04-16 2018-02-22 Behavior-based host modeling
US15/902,318 US10367842B2 (en) 2015-04-16 2018-02-22 Peer-based abnormal host detection for enterprise security systems
US15/902,369 2018-02-22
US15/902,432 2018-02-22

Publications (2)

Publication Number Publication Date
WO2018217259A2 (fr) 2018-11-29
WO2018217259A3 (fr) 2019-02-28

Family

ID=64396834

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2018/019829 WO2018217259A2 (fr) 2017-02-27 2018-02-27 Peer-based abnormal host detection for enterprise security systems

Country Status (1)

Country Link
WO (1) WO2018217259A2 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11601445B2 (en) * 2020-03-31 2023-03-07 Forescout Technologies, Inc. Clustering enhanced analysis

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080059474A1 (en) * 2005-12-29 2008-03-06 Blue Jungle Detecting Behavioral Patterns and Anomalies Using Activity Profiles
WO2011112469A2 (fr) * 2010-03-09 2011-09-15 Microsoft Corporation Behavior-based security system
US8973133B1 (en) * 2012-12-19 2015-03-03 Symantec Corporation Systems and methods for detecting abnormal behavior of networked devices
US9355007B1 (en) * 2013-07-15 2016-05-31 Amazon Technologies, Inc. Identifying abnormal hosts using cluster processing
US9516039B1 (en) * 2013-11-12 2016-12-06 EMC IP Holding Company LLC Behavioral detection of suspicious host activities in an enterprise

Also Published As

Publication number Publication date
WO2018217259A2 (fr) 2018-11-29

Similar Documents

Publication Publication Date Title
AU2017263290A1 (en) A method and system for verifying integrity of a digital asset using a distributed hash table and a peer-to-peer distributed ledger
WO2020223099A3 (fr) Cloud data protection service
US11030311B1 (en) Detecting and protecting against computing breaches based on lateral movement of a computer file within an enterprise
PH12019501309A1 (en) Blockchain asset issuing and redemption methods and apparatuses, and electronic device therefore
EP3667557A8 (fr) Method and device for tracking an object
WO2018107048A3 (fr) Prevention of malicious automated attacks on a web service
GB2571390A (en) Systems and method for secure management of digital contracts
AU2016202184B1 (en) Event correlation across heterogeneous operations
GB2581741A (en) Cognitive virtual detector
EP2911078A3 (fr) Security sharing system
SG11201809981QA (en) Processing method for preventing copy attack, and server and client
NZ735353A (en) Systems and methods for organizing devices in a policy hierarchy
WO2015177647A3 (fr) Techniques for protecting systems and data against cyber-attacks
WO2011112469A3 (fr) Behavior-based security system
SG10201907025VA (en) Method and system for verifying identities
GB2538654A (en) Prioritizing data reconstruction in distributed storage systems
GB2563340A8 (en) Labeling computing objects for improved threat detection
MX343875B (es) Method and system for determining image similarity.
WO2018049437A3 (fr) Cybersecurity artificial intelligence system
WO2016109152A8 (fr) Secure event log management
EP3857853A4 (fr) System and methods for automated computer security policy generation and anomaly detection
WO2018217259A3 (fr) Peer-based abnormal host detection for enterprise security systems
CN105447385A (zh) Multi-level detection application-type database honeypot implementation system and method
BR112017025871A2 (pt) Detection of highly reflective incident boundaries using near-field shear waves
WO2019239411A3 (fr) System, method and computer product for real-time sorting of plants

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18805488

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18805488

Country of ref document: EP

Kind code of ref document: A2