LAYERED ANALYSIS FOR NETWORK SECURITY RISK DETECTION

Main Authors: PARIKH, Jugal; MOMENI MILAJERDI, Sadegh; JAKUBOWSKI, Mariusz H
Format: Patent
Language: English, French, German
Published: 05.04.2023
Summary: Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion is identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group.
Bibliography: Application Number: EP20210732646