Information security incident diagnosis system for assisting in intrusion detection and related computer program
Format | Patent |
---|---|
Language | English |
Published | 26.01.2023 |
Summary: | The present invention provides an information security incident diagnosis system for assisting in detecting whether a target network system has been hacked. First, a plurality of activity records of one or more computing devices in a target network system are collected. Then, a discrete space metric tree is generated according to the plurality of activity records, and a clustering operation is performed on the discrete space metric tree to generate one or more event clusters associated with one or more suspicious event categories. Each event cluster may form a guide tree corresponding to the event cluster through single linkage clustering analysis to indicate a merging order from high to low similarity. The merging order is used for recursively performing a graph generating operation to convert a plurality of activity records corresponding to the one or more event clusters into a hierarchical directed acyclic graph (HDAG). |
---|---|
Bibliography: | Application Number: US202217867058 |