- 专利标题: Forensic analysis of computing activity
-
申请号: US15946026申请日: 2018-04-05
-
公开(公告)号: US10516682B2公开(公告)日: 2019-12-24
- 发明人: Beata Ladnai , Mark David Harris , Andrew J. Thomas , Andrew G. P. Smith , Russell Humphries , Kenneth D. Ray
- 申请人: Sophos Limited
- 申请人地址: GB Abingdon
- 专利权人: Sophos Limited
- 当前专利权人: Sophos Limited
- 当前专利权人地址: GB Abingdon
- 代理机构: Strategic Patents, P.C.
- 主分类号: H04L29/06
- IPC分类号: H04L29/06 ; G06F16/901 ; G06Q10/06 ; G06Q50/26
摘要:
A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.
公开/授权文献
- US20180227320A1 FORENSIC ANALYSIS OF COMPUTING ACTIVITY 公开/授权日:2018-08-09
信息查询