ORDERING SECURITY INCIDENTS USING ALERT DIVERSITY

In a computer network monitored for security threats, security incidents corresponding to groups of mutually related security alerts may be ranked based on values of a diversity metric computed for each incident from attribute values of an attribute, or multiple attributes, associated with the secur...

Full description

Saved in:
Bibliographic Details
Main Authors FLOWERS, Michael Steven, BERTIGER, Anna Swanson
Format Patent
LanguageEnglish
Published 05.09.2024
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:In a computer network monitored for security threats, security incidents corresponding to groups of mutually related security alerts may be ranked based on values of a diversity metric computed for each incident from attribute values of an attribute, or multiple attributes, associated with the security alerts. In some embodiments, values of attribute-specific sub-metrics are determined for each incident and combined, e.g., upon conversion to p-values, into respective values of the overall diversity metric. Based on the ranking, an output may be generated. For example, a ranked list of the security incidents (or a subset thereof) may be communicated to a security administrator, and/or may trigger an automated mitigating action.
Bibliography:Application Number: US202418638282