LAYERED ANALYSIS FOR NETWORK SECURITY RISK DETECTION
Format | Patent |
---|---|
Language | English, French, German |
Published | 05.04.2023 |
Summary: | Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion is identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group. |
---|---|
Bibliography: | Application Number: EP20210732646 |