WO2018217259A3 - Peer-based abnormal host detection for enterprise security systems - Google Patents
Peer-based abnormal host detection for enterprise security systems
- Publication number
- WO2018217259A3 (application PCT/US2018/019829)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- behavior
- target host
- peer
- security systems
- enterprise security
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2218/00—Aspects of pattern recognition specially adapted for signal processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V20/00—Scenes; Scene-specific elements
- G06V20/40—Scenes; Scene-specific elements in video content
- G06V20/44—Event detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Debugging And Monitoring (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Systems and methods for determining a risk level of a host in a network include modeling (402) the behavior of a target host based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the behavior of the target host are determined (404). An anomaly score for the target host is determined (406) based on how the behavior of the target host changes relative to the behavior of the one or more original peer hosts over time. A security management action is performed based on the anomaly score.
Applications Claiming Priority (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201762463976P | 2017-02-27 | 2017-02-27 | |
US62/463,976 | 2017-02-27 | ||
US15/902,432 US10476754B2 (en) | 2015-04-16 | 2018-02-22 | Behavior-based community detection in enterprise information networks |
US15/902,318 | 2018-02-22 | ||
US15/902,369 US10476753B2 (en) | 2015-04-16 | 2018-02-22 | Behavior-based host modeling |
US15/902,318 US10367842B2 (en) | 2015-04-16 | 2018-02-22 | Peer-based abnormal host detection for enterprise security systems |
US15/902,369 | 2018-02-22 | ||
US15/902,432 | 2018-02-22 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2018217259A2 (fr) | 2018-11-29 |
WO2018217259A3 (fr) | 2019-02-28 |
Family
ID=64396834
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2018/019829 WO2018217259A2 (fr) | 2017-02-27 | 2018-02-27 | Peer-based abnormal host detection for enterprise security systems |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2018217259A2 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11601445B2 (en) * | 2020-03-31 | 2023-03-07 | Forescout Technologies, Inc. | Clustering enhanced analysis |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080059474A1 (en) * | 2005-12-29 | 2008-03-06 | Blue Jungle | Detecting Behavioral Patterns and Anomalies Using Activity Profiles |
WO2011112469A2 (fr) * | 2010-03-09 | 2011-09-15 | Microsoft Corporation | Behavior-based security system |
US8973133B1 (en) * | 2012-12-19 | 2015-03-03 | Symantec Corporation | Systems and methods for detecting abnormal behavior of networked devices |
US9355007B1 (en) * | 2013-07-15 | 2016-05-31 | Amazon Technologies, Inc. | Identifying abnormal hosts using cluster processing |
US9516039B1 (en) * | 2013-11-12 | 2016-12-06 | EMC IP Holding Company LLC | Behavioral detection of suspicious host activities in an enterprise |
-
2018
- 2018-02-27 WO PCT/US2018/019829 patent/WO2018217259A2/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2018217259A2 (fr) | 2018-11-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2017263290A1 (en) | A method and system for verifying integrity of a digital asset using a distributed hash table and a peer-to-peer distributed ledger | |
WO2020223099A3 (fr) | Cloud data protection service | |
US11030311B1 (en) | Detecting and protecting against computing breaches based on lateral movement of a computer file within an enterprise | |
PH12019501309A1 (en) | Blockchain asset issuing and redemption methods and apparatuses, and electronic device therefore | |
EP3667557A8 (fr) | Method and device for tracking an object | |
WO2018107048A3 (fr) | Prevention of malicious automated attacks on a web service | |
GB2571390A (en) | Systems and method for secure management of digital contracts | |
AU2016202184B1 (en) | Event correlation across heterogeneous operations | |
GB2581741A (en) | Cognitive virtual detector | |
EP2911078A3 (fr) | Security sharing system | |
SG11201809981QA (en) | Processing method for preventing copy attack, and server and client | |
NZ735353A (en) | Systems and methods for organizing devices in a policy hierarchy | |
WO2015177647A3 (fr) | Techniques for protecting systems and data against cyber-attacks | |
WO2011112469A3 (fr) | Behavior-based security system | |
SG10201907025VA (en) | Method and system for verifying identities | |
GB2538654A (en) | Prioritizing data reconstruction in distributed storage systems | |
GB2563340A8 (en) | Labeling computing objects for improved threat detection | |
MX343875B (es) | Method and system for determining image similarity. | |
WO2018049437A3 (fr) | Cybersecurity artificial intelligence system | |
WO2016109152A8 (fr) | Secure event log management | |
EP3857853A4 (fr) | System and methods for automated computer security policy generation and anomaly detection | |
WO2018217259A3 (fr) | Peer-based abnormal host detection for enterprise security systems | |
CN105447385A (zh) | Multi-level detection application-type database honeypot implementation *** and method | |
BR112017025871A2 (pt) | Detection of high incident reflective boundaries using near-field shear waves | |
WO2019239411A3 (fr) | System, method and computer product for real-time sorting of plants |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18805488 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18805488 Country of ref document: EP Kind code of ref document: A2 |