WO2008021585A3 - Intelligent intrusion detection utilizing context-based graph-matching of network activity - Google Patents


Info

Publication number
WO2008021585A3
Authority
WO
WIPO (PCT)
Prior art keywords
egmids
intrusion detection
graph matching
threat patterns
graph
Prior art date
Application number
PCT/US2007/063313
Other languages
French (fr)
Other versions
WO2008021585A2 (en)
Inventor
Thayne R Coffman
Original Assignee
21St Century Technologies Inc
Thayne R Coffman
Priority date
Filing date
Publication date
Application filed by 21St Century Technologies Inc, Thayne R Coffman
Publication of WO2008021585A2
Publication of WO2008021585A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection

Abstract

A method, system, and computer program product for utilizing a mapping of activity occurring at and between devices (132-138) on a computer network to detect and prevent network intrusions. An enhanced graph matching intrusion detection system (eGMIDS) 100 (including an eGMIDS utility 235) is provided that comprises data collection functions, data fusion techniques, graph matching algorithms, and secondary and other search mechanisms. Threats are modeled as a set of entities and interrelations between the entities and sample threat patterns are stored within a database. The eGMIDS utility 235 initiates a graph matching algorithm by which the threat patterns are compared within the generated activity graph via subgraph isomorphism. A multi-layered approach including a targeted secondary layer search following a match during a primary layer search is provided. Searches are tempered by attributes and constraints and the eGMIDS reduces the number of threat patterns searched by utilizing ontological generalization.
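The abstract describes threat patterns as small graphs of entities and relations that are searched for inside an activity graph by subgraph isomorphism, tempered by attributes and constraints, followed by a targeted secondary search and reduced in number by ontological generalization. The following is an added, self-contained illustration of those ideas written for this page; it is not code from the patent or from 21st Century Technologies. The ontology, relation labels, the `Graph`/`match_pattern`/`detect` names and the sample activity graph are all constructed assumptions. The matcher backtracks over pattern edges rather than nodes so that an attribute constraint (here, time ordering of the matched edges) can be checked as each edge is bound.

```python
"""Toy eGMIDS-style detector: threat-pattern subgraph matching over an activity graph.

Added illustration for this page, not the patent's own code. Every name and value
below (ontology, labels, hosts, timestamps) is constructed for the example.
"""

# Ontological generalization: a pattern written against a general label
# (e.g. "remote_login") matches any more specific activity label beneath it.
ONTOLOGY = {
    "ssh_login": "remote_login", "rdp_login": "remote_login", "remote_login": "activity",
    "port_scan": "recon", "recon": "activity",
    "file_copy": "transfer", "transfer": "activity",
}

def is_a(specific, general):
    """True if `specific` equals `general` or is a descendant of it in ONTOLOGY."""
    while specific is not None:
        if specific == general:
            return True
        specific = ONTOLOGY.get(specific)
    return False

class Graph:
    """Activity graph: typed nodes and labelled, timestamped directed edges."""
    def __init__(self):
        self.nodes = {}   # node id -> {"kind": ...}
        self.edges = []   # (src, dst, label, time)
    def add_node(self, nid, kind):
        self.nodes[nid] = {"kind": kind}
    def add_edge(self, src, dst, label, time=0):
        self.edges.append((src, dst, label, time))

def match_pattern(pattern, graph):
    """Enumerate injective mappings of pattern nodes onto activity nodes such that every
    pattern edge is realised by a distinct activity edge with a compatible (is_a) label.
    If pattern["ordered"] is set, realising edges must occur in the listed time order.
    Returns a list of (node_mapping, matched_edges)."""
    pedges, pkinds, matches = pattern["edges"], pattern["nodes"], []

    def extend(i, mapping, used, last_time):
        if i == len(pedges):
            matches.append((dict(mapping), list(used)))
            return
        psrc, pdst, plabel = pedges[i]
        for edge in graph.edges:
            src, dst, label, t = edge
            if edge in used or not is_a(label, plabel):
                continue
            if pattern.get("ordered") and last_time is not None and t <= last_time:
                continue                     # temporal constraint on the match
            cand, ok = dict(mapping), True
            for pn, an in ((psrc, src), (pdst, dst)):
                if pn in cand:
                    ok = cand[pn] == an      # endpoint already bound: must agree
                elif an in cand.values() or graph.nodes[an]["kind"] != pkinds[pn]:
                    ok = False               # injectivity and node-kind check
                else:
                    cand[pn] = an
                if not ok:
                    break
            if ok:
                used.append(edge)
                extend(i + 1, cand, used, t)
                used.pop()

    extend(0, {}, [], None)
    return matches

def detect(graph, pattern, followup_label="transfer"):
    """Two-layer search: a primary pattern match, then a targeted secondary search for a
    follow-up edge (generalised label) leaving the pattern's tail node after the match."""
    alerts = []
    for mapping, edges in match_pattern(pattern, graph):
        last_time = max(e[3] for e in edges)
        tail = mapping[pattern["tail"]]
        followups = [e for e in graph.edges
                     if e[0] == tail and is_a(e[2], followup_label) and e[3] > last_time]
        alerts.append({"mapping": mapping, "edges": edges, "followups": followups})
    return alerts

# Threat pattern: recon of B from A, remote login A->B, then lateral login B->C, in that order.
RECON_THEN_LATERAL = {
    "nodes": {"A": "host", "B": "host", "C": "host"},
    "edges": [("A", "B", "recon"), ("A", "B", "remote_login"), ("B", "C", "remote_login")],
    "ordered": True, "tail": "C",
}

# Constructed sample activity graph (hosts and timestamps are invented).
SAMPLE_GRAPH = Graph()
for h in ("h_ext", "h_web", "h_db", "h_dev"):
    SAMPLE_GRAPH.add_node(h, "host")
for src, dst, label, t in [
    ("h_ext", "h_web", "port_scan", 1), ("h_ext", "h_web", "ssh_login", 2),
    ("h_web", "h_db", "file_copy", 1),      # routine backup traffic
    ("h_web", "h_db", "rdp_login", 3),
    ("h_db", "h_ext", "file_copy", 4),      # outbound copy after the lateral login
    ("h_dev", "h_db", "ssh_login", 0),      # admin login that precedes any scan
    ("h_dev", "h_db", "port_scan", 5),      # later vulnerability scan by the admin
    ("h_db", "h_web", "rdp_login", 6),
]:
    SAMPLE_GRAPH.add_edge(src, dst, label, t)

if __name__ == "__main__":
    for alert in detect(SAMPLE_GRAPH, RECON_THEN_LATERAL):
        print(alert["mapping"], "follow-ups:", alert["followups"])
```

With the ordering constraint in place only the h_ext -> h_web -> h_db chain matches, and the secondary search then surfaces the outbound file copy from h_db; dropping `ordered` also admits the admin's scan-after-login sequence on h_dev, which shows why the abstract's attribute and constraint tempering matters for false-positive control.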

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/367,943 2006-03-04
US11/367,943 US7624448B2 (en) 2006-03-04 2006-03-04 Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data

Publications (2)

Publication Number Publication Date
WO2008021585A2 (en) 2008-02-21
WO2008021585A3 (en) 2008-06-19

Family

ID=38472803

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/063313 WO2008021585A2 (en) 2006-03-04 2007-03-05 Intelligent intrusion detection utilizing context-based graph-matching of network activity

Country Status (2)

Country Link
US (1) US7624448B2 (en)
WO (1) WO2008021585A2 (en)

Families Citing this family (171)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS5991549A (en) * 1982-11-17 1984-05-26 Nec Corp Method for storing instruction word to instruction buffer
US20060015942A1 (en) 2002-03-08 2006-01-19 Ciphertrust, Inc. Systems and methods for classification of messaging entities
US8561167B2 (en) 2002-03-08 2013-10-15 Mcafee, Inc. Web reputation scoring
US8578480B2 (en) 2002-03-08 2013-11-05 Mcafee, Inc. Systems and methods for identifying potentially malicious messages
US8132250B2 (en) * 2002-03-08 2012-03-06 Mcafee, Inc. Message profiling systems and methods
AU2003279517A1 (en) * 2003-08-11 2005-02-25 Telecom Italia S.P.A. Method and system for detecting unauthorised use of a communication network
US8635690B2 (en) 2004-11-05 2014-01-21 Mcafee, Inc. Reputation based message processing
US8566928B2 (en) 2005-10-27 2013-10-22 Georgia Tech Research Corporation Method and system for detecting and responding to attacking networks
US20070179760A1 (en) * 2006-01-06 2007-08-02 Intel Corporation Method of determining graph isomorphism in polynomial-time
US7739211B2 (en) * 2006-11-08 2010-06-15 21St Century Technologies, Inc. Dynamic SNA-based anomaly detection using unsupervised learning
US9715675B2 (en) * 2006-08-10 2017-07-25 Oracle International Corporation Event-driven customizable automated workflows for incident remediation
KR100817799B1 (en) * 2006-10-13 2008-03-31 한국정보보호진흥원 System and method for network vulnerability analysis using the multiple heterogeneous scanners
US20080162690A1 (en) * 2006-12-21 2008-07-03 Observva Technologies Pty Ltd Application Management System
US8161550B2 (en) * 2007-01-23 2012-04-17 Knowledge Based Systems, Inc. Network intrusion detection
US7779156B2 (en) 2007-01-24 2010-08-17 Mcafee, Inc. Reputation based load balancing
US8763114B2 (en) 2007-01-24 2014-06-24 Mcafee, Inc. Detecting image spam
US8214497B2 (en) 2007-01-24 2012-07-03 Mcafee, Inc. Multi-dimensional reputation scoring
WO2008151321A2 (en) * 2007-06-08 2008-12-11 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for enforcing a security policy in a network including a plurality of components
US8441484B2 (en) * 2007-09-04 2013-05-14 Cisco Technology, Inc. Network trouble-tickets displayed as dynamic multi-dimensional graph
US8185930B2 (en) 2007-11-06 2012-05-22 Mcafee, Inc. Adjusting filter or classification control settings
US8589503B2 (en) 2008-04-04 2013-11-19 Mcafee, Inc. Prioritizing network traffic
US7864037B2 (en) * 2008-06-16 2011-01-04 International Business Machines Corporation Pattern-driven communication architecture
US8086547B2 (en) * 2008-06-16 2011-12-27 International Business Machines Corporation Data pattern generation, modification and management utilizing a semantic network-based graphical interface
US10027688B2 (en) 2008-08-11 2018-07-17 Damballa, Inc. Method and system for detecting malicious and/or botnet-related domain names
US20110167085A1 (en) * 2008-09-12 2011-07-07 Haschek Hans M System and Method for Searching for a Target Contact and for Generating a Contact Path
US20100082667A1 (en) * 2008-09-22 2010-04-01 International Business Machines Corporation Utilizing a social network for locating a target individual based upon a proximity search
US8996622B2 (en) * 2008-09-30 2015-03-31 Yahoo! Inc. Query log mining for detecting spam hosts
US20100082694A1 (en) * 2008-09-30 2010-04-01 Yahoo! Inc. Query log mining for detecting spam-attracting queries
US8387145B2 (en) * 2009-06-08 2013-02-26 Microsoft Corporation Blocking malicious activity using blacklist
US8185613B2 (en) * 2009-06-08 2012-05-22 Microsoft Corporation Host accountability using unreliable identifiers
US8572740B2 (en) * 2009-10-01 2013-10-29 Kaspersky Lab, Zao Method and system for detection of previously unknown malware
US8578497B2 (en) 2010-01-06 2013-11-05 Damballa, Inc. Method and system for detecting malware
US8826438B2 (en) 2010-01-19 2014-09-02 Damballa, Inc. Method and system for network-based detecting of malware from behavioral clustering
US8782209B2 (en) * 2010-01-26 2014-07-15 Bank Of America Corporation Insider threat correlation tool
EP2438511B1 (en) 2010-03-22 2019-07-03 LRDC Systems, LLC A method of identifying and protecting the integrity of a set of source data
US8805839B2 (en) 2010-04-07 2014-08-12 Microsoft Corporation Analysis of computer network activity by successively removing accepted types of access events
US8779921B1 (en) * 2010-05-14 2014-07-15 Solio Security, Inc. Adaptive security network, sensor node and method for detecting anomalous events in a security network
US8621638B2 (en) 2010-05-14 2013-12-31 Mcafee, Inc. Systems and methods for classification of messaging entities
US20110307487A1 (en) * 2010-06-15 2011-12-15 Honeywell International Inc. System for multi-modal data mining and organization via elements clustering and refinement
US9516058B2 (en) 2010-08-10 2016-12-06 Damballa, Inc. Method and system for determining whether domain names are legitimate or malicious
US8935188B2 (en) * 2010-08-17 2015-01-13 At&T Intellectual Property I, L.P. Method and apparatus for classifying applications using the collective properties of network traffic in a traffic activity graph
US8752174B2 (en) 2010-12-27 2014-06-10 Avaya Inc. System and method for VoIP honeypot for converged VoIP services
RU2454714C1 (en) * 2010-12-30 2012-06-27 Закрытое акционерное общество "Лаборатория Касперского" System and method of increasing efficiency of detecting unknown harmful objects
US8631489B2 (en) 2011-02-01 2014-01-14 Damballa, Inc. Method and system for detecting malicious domain names at an upper DNS hierarchy
US8666999B2 (en) * 2011-08-02 2014-03-04 Rockwell Automation Technologies, Inc. Search utility program for software developers
WO2013036785A2 (en) * 2011-09-08 2013-03-14 Hewlett-Packard Development Company, L.P. Visual component and drill down mapping
US9922190B2 (en) 2012-01-25 2018-03-20 Damballa, Inc. Method and system for detecting DGA-based malware
US9374380B2 (en) 2012-03-22 2016-06-21 Los Alamos National Security, Llc Non-harmful insertion of data mimicking computer network attacks
US20150047026A1 (en) * 2012-03-22 2015-02-12 Los Alamos National Security, Llc Anomaly detection to identify coordinated group attacks in computer networks
US8710983B2 (en) 2012-05-07 2014-04-29 Integrated Security Corporation Intelligent sensor network
KR101369383B1 (en) * 2012-05-22 2014-03-06 한국전자통신연구원 Apparatus and method for collecting network data traffic
US9038178B1 (en) 2012-06-25 2015-05-19 Emc Corporation Detection of malware beaconing activities
US10547674B2 (en) 2012-08-27 2020-01-28 Help/Systems, Llc Methods and systems for network flow analysis
US9894088B2 (en) 2012-08-31 2018-02-13 Damballa, Inc. Data mining to identify malicious activity
US9166994B2 (en) 2012-08-31 2015-10-20 Damballa, Inc. Automation discovery to identify malicious activity
US10084806B2 (en) 2012-08-31 2018-09-25 Damballa, Inc. Traffic simulation to identify malicious activity
US9680861B2 (en) 2012-08-31 2017-06-13 Damballa, Inc. Historical analysis to identify malicious activity
WO2014039884A1 (en) * 2012-09-07 2014-03-13 Magnet Systems, Inc. Time-based graph data model
US9830451B2 (en) 2012-11-30 2017-11-28 Entit Software Llc Distributed pattern discovery
US9659085B2 (en) * 2012-12-28 2017-05-23 Microsoft Technology Licensing, Llc Detecting anomalies in behavioral network with contextual side information
US10318583B2 (en) * 2013-03-15 2019-06-11 The Board Of Trustees Of The Leland Stanford Junior University Systems and methods for recommending relationships within a graph database
US9092548B2 (en) 2013-03-15 2015-07-28 Magnet Systems, Inc. Time-based graph data model
US9195826B1 (en) * 2013-05-30 2015-11-24 Emc Corporation Graph-based method to detect malware command-and-control infrastructure
US9571511B2 (en) 2013-06-14 2017-02-14 Damballa, Inc. Systems and methods for traffic classification
JP6219621B2 (en) * 2013-07-02 2017-10-25 セコム株式会社 Communication verification device
JP6101408B2 (en) * 2013-09-10 2017-03-22 Symantec Corporation System and method for detecting attacks on computing systems using event correlation graphs
US9166997B1 (en) * 2013-09-19 2015-10-20 Symantec Corporation Systems and methods for reducing false positives when using event-correlation graphs to detect attacks on computing systems
US10191769B2 (en) 2013-09-26 2019-01-29 British Telecommunications Public Limited Company Efficient event filter
US9690936B1 (en) * 2013-09-30 2017-06-27 Fireeye, Inc. Multistage system and method for analyzing obfuscated content for malware
CN105659247B (en) * 2013-11-19 2019-05-31 英特尔公司 The proactive Threat Management system of context-aware
DE102014211504A1 (en) 2014-06-16 2015-12-17 Siemens Aktiengesellschaft Method and system for obtaining and analyzing forensic data in a distributed computing infrastructure
US9736173B2 (en) * 2014-10-10 2017-08-15 Nec Corporation Differential dependency tracking for attack forensics
US9648036B2 (en) * 2014-12-29 2017-05-09 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US10230742B2 (en) 2015-01-30 2019-03-12 Anomali Incorporated Space and time efficient threat detection
US9930065B2 (en) 2015-03-25 2018-03-27 University Of Georgia Research Foundation, Inc. Measuring, categorizing, and/or mitigating malware distribution paths
EP3274935A1 (en) 2015-03-27 2018-01-31 British Telecommunications public limited company Anomaly detection by multi-level tolerance relations
US9438618B1 (en) * 2015-03-30 2016-09-06 Amazon Technologies, Inc. Threat detection and mitigation through run-time introspection and instrumentation
US9712554B2 (en) 2015-04-09 2017-07-18 Accenture Global Services Limited Event correlation across heterogeneous operations
US9742788B2 (en) 2015-04-09 2017-08-22 Accenture Global Services Limited Event correlation across heterogeneous operations
US20160299958A1 (en) * 2015-04-13 2016-10-13 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for visual logging in networking systems
US10333952B2 (en) 2015-04-16 2019-06-25 Nec Corporation Online alert ranking and attack scenario reconstruction
US10305917B2 (en) * 2015-04-16 2019-05-28 Nec Corporation Graph-based intrusion detection using process traces
US11651313B1 (en) * 2015-04-27 2023-05-16 Amazon Technologies, Inc. Insider threat detection using access behavior analysis
US10536357B2 (en) * 2015-06-05 2020-01-14 Cisco Technology, Inc. Late data detection in data center
US10142353B2 (en) 2015-06-05 2018-11-27 Cisco Technology, Inc. System for monitoring and managing datacenters
WO2017019391A1 (en) * 2015-07-24 2017-02-02 Nec Laboratories America, Inc. Graph-based intrusion detection using process traces
US9699205B2 (en) 2015-08-31 2017-07-04 Splunk Inc. Network security system
US10148679B2 (en) 2015-12-09 2018-12-04 Accenture Global Solutions Limited Connected security system
US10997245B2 (en) * 2015-09-26 2021-05-04 Intel Corporation Dynamic graph extraction based on distributed hub and spoke big data analytics
US10027698B2 (en) * 2015-12-18 2018-07-17 National Technology & Engineering Solutions Of Sandia, Llc Network protection system using linkographs
US9571980B1 (en) * 2015-12-28 2017-02-14 Cisco Technology, Inc. Augmenting Wi-Fi localization with auxiliary sensor information
US10333815B2 (en) * 2016-03-17 2019-06-25 Nec Corporation Real-time detection of abnormal network connections in streaming data
US10826933B1 (en) * 2016-03-31 2020-11-03 Fireeye, Inc. Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints
US10893059B1 (en) 2016-03-31 2021-01-12 Fireeye, Inc. Verification and enhancement using detection systems located at the network periphery and endpoint devices
US10476749B2 (en) * 2016-04-04 2019-11-12 Nec Corporation Graph-based fusing of heterogeneous alerts
US10013240B2 (en) * 2016-06-21 2018-07-03 Advanced Micro Devices, Inc. Fingerprinting of redundant threads using compiler-inserted transformation code
US11423082B2 (en) * 2016-06-29 2022-08-23 Intel Corporation Methods and apparatus for subgraph matching in big data analysis
US10313365B2 (en) * 2016-08-15 2019-06-04 International Business Machines Corporation Cognitive offense analysis using enriched graphs
US10542015B2 (en) 2016-08-15 2020-01-21 International Business Machines Corporation Cognitive offense analysis using contextual data and knowledge graphs
US10536472B2 (en) 2016-08-15 2020-01-14 International Business Machines Corporation Cognitive analysis of security data with signal flow-based graph exploration
EP3291120B1 (en) * 2016-09-06 2021-04-21 Accenture Global Solutions Limited Graph database analysis for network anomaly detection systems
US10771492B2 (en) 2016-09-22 2020-09-08 Microsoft Technology Licensing, Llc Enterprise graph method of threat detection
WO2018071625A1 (en) * 2016-10-12 2018-04-19 Nec Laboratories America, Inc. Online alert ranking and attack scenario reconstruction
EP3333770A1 (en) * 2016-12-09 2018-06-13 Fujitsu Limited Matching graph entities in graph data
US10263998B1 (en) * 2016-12-14 2019-04-16 EMC IP Holding Company LLC Automated determination of relevance of a security alert to one or more other security alerts based on shared markers
US11240256B2 (en) 2017-01-31 2022-02-01 Micro Focus Llc Grouping alerts into bundles of alerts
US11431792B2 (en) 2017-01-31 2022-08-30 Micro Focus Llc Determining contextual information for alerts
US11240263B2 (en) 2017-01-31 2022-02-01 Micro Focus Llc Responding to alerts
US11194915B2 (en) 2017-04-14 2021-12-07 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for testing insider threat detection systems
US10810210B2 (en) * 2017-05-12 2020-10-20 Battelle Memorial Institute Performance and usability enhancements for continuous subgraph matching queries on graph-structured data
US11159559B2 (en) 2017-05-17 2021-10-26 Threatmodeler Software Inc. Systems and methods for importing diagrams for automated threat modeling
US11314872B2 (en) 2017-05-17 2022-04-26 Threatmodeler Software Inc. Systems and methods for automated threat modeling when deploying infrastructure as a code
US10699008B2 (en) 2017-05-17 2020-06-30 Threatmodeler Software Inc. Threat model chaining and attack simulation systems and related methods
US11568059B2 (en) 2017-05-17 2023-01-31 Threatmodeler Software Inc. Systems and methods for automated threat model generation from diagram files
US10747876B2 (en) * 2017-05-17 2020-08-18 Threatmodeler Software Inc. Systems and methods for assisted model generation
US10984112B2 (en) 2017-05-17 2021-04-20 Threatmodeler Software Inc. Systems and methods for automated threat modeling of an existing computing environment
US11620386B2 (en) 2017-05-17 2023-04-04 Threatmodeler Software Inc. Threat modeling systems and related methods including mitigating components
US10255439B2 (en) 2017-05-17 2019-04-09 Threatmodeler Software Inc. Threat modeling systems and related methods including compensating controls
JP6834768B2 (en) * 2017-05-17 2021-02-24 富士通株式会社 Attack detection method, attack detection program and relay device
US10713366B2 (en) 2017-05-17 2020-07-14 Threatmodeler Software Inc. Systems and methods for automated threat model generation from third party diagram files
US10678804B2 (en) 2017-09-25 2020-06-09 Splunk Inc. Cross-system journey monitoring based on relation of machine data
WO2019084693A1 (en) * 2017-11-06 2019-05-09 Cyber Defence Qcd Corporation Methods and systems for monitoring cyber-events
US10812499B2 (en) 2017-11-09 2020-10-20 Accenture Global Solutions Limited Detection of adversary lateral movement in multi-domain IIOT environments
US11194903B2 (en) 2018-02-23 2021-12-07 Crowd Strike, Inc. Cross-machine detection techniques
US20190266323A1 (en) * 2018-02-23 2019-08-29 Crowdstrike, Inc. Identification process for suspicious activity patterns based on ancestry relationship
EP3531325B1 (en) 2018-02-23 2021-06-23 Crowdstrike, Inc. Computer security event analysis
US11050764B2 (en) * 2018-02-23 2021-06-29 Crowdstrike, Inc. Cardinality-based activity pattern detection
US11310249B2 (en) 2018-03-26 2022-04-19 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for defending computing systems from attack
US10909182B2 (en) 2018-03-26 2021-02-02 Splunk Inc. Journey instance generation based on one or more pivot identifiers and one or more step identifiers
US10885049B2 (en) * 2018-03-26 2021-01-05 Splunk Inc. User interface to identify one or more pivot identifiers and one or more step identifiers to process events
US11171970B2 (en) * 2018-05-01 2021-11-09 Royal Bank Of Canada System and method for reducing false positive security events
US10567220B2 (en) 2018-05-07 2020-02-18 Vmware, Inc. Distributed rules engine for processing events associated with internet of things devices
US11165803B2 (en) * 2018-06-12 2021-11-02 Netskope, Inc. Systems and methods to show detailed structure in a security events graph
US11539749B2 (en) 2018-06-12 2022-12-27 Netskope, Inc. Systems and methods for alert prioritization using security events graph
US10951638B2 (en) * 2018-06-27 2021-03-16 International Business Machines Corporation Security of server hosting remote application
US11194906B2 (en) * 2018-07-31 2021-12-07 Nec Corporation Automated threat alert triage via data provenance
US20200076833A1 (en) 2018-08-31 2020-03-05 Sophos Limited Dynamic filtering of endpoint event streams
US11941054B2 (en) * 2018-10-12 2024-03-26 International Business Machines Corporation Iterative constraint solving in abstract graph matching for cyber incident reasoning
US11184374B2 (en) 2018-10-12 2021-11-23 International Business Machines Corporation Endpoint inter-process activity extraction and pattern matching
US11194910B2 (en) * 2018-11-02 2021-12-07 Microsoft Technology Licensing, Llc Intelligent system for detecting multistage attacks
US11032304B2 (en) * 2018-12-04 2021-06-08 International Business Machines Corporation Ontology based persistent attack campaign detection
US11140179B1 (en) * 2018-12-26 2021-10-05 Musarubra Us Llc Cybersecurity investigation tools utilizing information graphs
RU2724800C1 (en) * 2018-12-28 2020-06-25 Акционерное общество "Лаборатория Касперского" System and method of detecting source of malicious activity on computer system
EP3674943A1 (en) * 2018-12-28 2020-07-01 AO Kaspersky Lab System and method of detecting a source of malicious activity in a computer system
US10997192B2 (en) 2019-01-31 2021-05-04 Splunk Inc. Data source correlation user interface
US11520981B2 (en) * 2019-03-07 2022-12-06 Nec Corporation Complex system anomaly detection based on discrete event sequences
US11336617B2 (en) 2019-03-21 2022-05-17 Cisco Technology, Inc. Graphical representation of security threats in a network
CN110012013A (en) * 2019-04-04 2019-07-12 电子科技大学成都学院 Virtual platform threat behavior analysis method and system based on KNN
US11102087B2 (en) * 2019-04-05 2021-08-24 At&T Intellectual Property I, L.P. Service deployment for geo-distributed edge clouds
US10754638B1 (en) 2019-04-29 2020-08-25 Splunk Inc. Enabling agile functionality updates using multi-component application
US11588832B2 (en) 2019-08-02 2023-02-21 Crowdstrike, Inc. Malicious incident visualization
US11582246B2 (en) 2019-08-02 2023-02-14 Crowd Strike, Inc. Advanced incident scoring
US11792210B2 (en) 2019-08-02 2023-10-17 Crowdstrike, Inc. Mapping unbounded incident scores to a fixed range
US11516237B2 (en) * 2019-08-02 2022-11-29 Crowdstrike, Inc. Visualization and control of remotely monitored hosts
US11151125B1 (en) 2019-10-18 2021-10-19 Splunk Inc. Efficient updating of journey instances detected within unstructured event data
CN110909424B (en) * 2019-10-31 2023-08-15 武汉科技大学 Planetary gear train isomorphism judging method, system and medium based on adjacency matrix
CN110852022B (en) * 2019-10-31 2023-05-23 武汉科技大学 Planetary gear train isomorphism judging method, system and medium based on circuit model
CN110826214B (en) * 2019-10-31 2023-08-11 武汉科技大学 Prime number layering-based planetary gear train isomorphism judging method, system and medium
CN110851926B (en) * 2019-10-31 2023-09-01 武汉科技大学 Planetary gear train isomorphism judging method, system and medium based on traversal loop
US11818145B2 (en) * 2019-12-09 2023-11-14 International Business Machines Corporation Characterizing user behavior in a computer system by automated learning of intention embedded in a system-generated event graph
US11330007B2 (en) 2019-12-23 2022-05-10 International Business Machines Corporation Graphical temporal graph pattern editor
US11425150B1 (en) 2020-01-10 2022-08-23 Bank Of America Corporation Lateral movement visualization for intrusion detection and remediation
US11544527B2 (en) * 2020-02-06 2023-01-03 International Business Machines Corporation Fuzzy cyber detection pattern matching
US11809447B1 (en) 2020-04-30 2023-11-07 Splunk Inc. Collapsing nodes within a journey model
US11363041B2 (en) 2020-05-15 2022-06-14 International Business Machines Corporation Protecting computer assets from malicious attacks
US11770387B1 (en) * 2020-07-17 2023-09-26 Rapid7, Inc. Graph-based detection of lateral movement in computer networks
US11741131B1 (en) 2020-07-31 2023-08-29 Splunk Inc. Fragmented upload and re-stitching of journey instances detected within event data
CN112073437B (en) * 2020-10-09 2023-12-19 腾讯科技(深圳)有限公司 Multi-dimensional security threat event analysis method, device, equipment and storage medium
US11606378B1 (en) 2020-12-30 2023-03-14 Rapid7, Inc. Lateral movement detection using a mixture of online anomaly scoring models
US11461297B1 (en) 2021-06-09 2022-10-04 T-Mobile Usa, Inc. Ensuring database integrity using a data flow in a graph, such as for use by a wireless telecommunications service provider
CN115277124A (en) * 2022-07-12 2022-11-01 清华大学 Online system and server for searching and matching attack mode based on system tracing graph

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030097588A1 (en) * 2001-10-25 2003-05-22 Fischman Reuben S. Method and system for modeling, analysis and display of network security events
EP1335557A1 (en) * 2002-02-11 2003-08-13 Koninklijke KPN N.V. Method for computer network intrusion detection using pattern matching
US20040036716A1 (en) * 2002-06-12 2004-02-26 Jordahl Jena J. Data storage, retrieval, manipulation and display tools enabling multiple hierarchical points of view
US20040250169A1 (en) * 2003-04-17 2004-12-09 Kddi Corporation IDS log analysis support apparatus, IDS log analysis support method and IDS log analysis support program
US6910135B1 (en) * 1999-07-07 2005-06-21 Verizon Corporate Services Group Inc. Method and apparatus for an intruder detection reporting and response system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7068998B2 (en) * 2001-04-13 2006-06-27 Northrop Grumman Corp. Methodology for the detection of intrusion into radio frequency (RF) based networks including tactical data links and the tactical internet
US7058796B2 (en) * 2002-05-20 2006-06-06 Airdefense, Inc. Method and system for actively defending a wireless LAN against attacks
US7322044B2 (en) * 2002-06-03 2008-01-22 Airdefense, Inc. Systems and methods for automated network policy exception detection and correction
US20060112146A1 (en) * 2004-11-22 2006-05-25 Nec Laboratories America, Inc. Systems and methods for data analysis and/or knowledge management

Also Published As

Publication number Publication date
US7624448B2 (en) 2009-11-24
WO2008021585A2 (en) 2008-02-21
US20070209074A1 (en) 2007-09-06

Similar Documents

Publication Publication Date Title
WO2008021585A3 (en) Intelligent intrusion detection utilizing context-based graph-matching of network activity
Qin et al. When things matter: A survey on data-centric internet of things
Wenyin et al. Discovering phishing target based on semantic link network
Elhadi et al. Enhancing the detection of metamorphic malware using call graphs
CN102685145A (en) Domain name server (DNS) data packet-based bot-net domain name discovery method
WO2008039542A3 (en) System and method of ad-hoc analysis of data
Mourtaji et al. Hybrid rule-based solution for phishing URL detection using convolutional neural network
WO2005101720A3 (en) Method and system for distinguishing network threats from false positives
Bidoki et al. PbMMD: A novel policy based multi-process malware detection
Wang et al. APT attack detection algorithm based on spatio-temporal association analysis in industrial network
Basnet et al. Mining web to detect phishing URLs
Zhang et al. Intrusion detection and prevention in cloud, fog, and internet of things
Tang et al. Advanced Persistent Threat intelligent profiling technique: A survey
CN109194605B (en) Active verification method and system for suspicious threat indexes based on open source information
Cao et al. Emerging Threats in Deep Learning-Based Autonomous Driving: A Comprehensive Survey
CN103455754B (en) Malicious search keyword recognition method based on regular expressions
Hsieh et al. Applying an ontology to a patrol intrusion detection system for wireless sensor networks
CN101505304B (en) Network intrusion intension recognizing method based on probabilistic reasoning
Teoh et al. Analyst intuition inspired high velocity big data analysis using PCA ranked fuzzy k-means clustering with multi-layer perceptron (MLP) to obviate cyber security risk
Zhang et al. Research on the intrusion detection technology with hybrid model
Katebi et al. ADCAS: adversarial deep clustering of Android streams
CN109802966A (en) Network intrusion behaviour analysis and detection method based on letter frame
Hoque et al. An alert analysis approach to DDoS attack detection
Sisodia et al. Framework for Preprocessing and Feature Extraction from Weblogs for Identification of HTTP Flood Request Attacks
WO2006091578A3 (en) Method and system for extensible profile- and context-based information correlation, routing and distribution

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
    Ref document number: 07840138; Country of ref document: EP; Kind code of ref document: A2
NENP Non-entry into the national phase
    Ref country code: DE
122 EP: PCT application non-entry in European phase
    Ref document number: 07840138; Country of ref document: EP; Kind code of ref document: A2