Automated threat alert triage via data provenance

Invention Grant

US11194906B2 Automated threat alert triage via data provenance 有权

Please log in to see more content

Patent Title: Automated threat alert triage via data provenance
Application No.: US16507353

Application Date: 2019-07-10
Publication No.: US11194906B2

Publication Date: 2021-12-07
Inventor: Ding Li , Kangkook Jee , Zhengzhang Chen , Zhichun Li , Wajih Ul Hassan
Applicant: NEC Laboratories America, Inc.
Applicant Address: US NJ Princeton
Assignee: NEC Laboratories America, Inc.
Current Assignee: NEC Laboratories America, Inc.
Current Assignee Address: US NJ Princeton
Agent Joseph Kolodka
Main IPC: G06F21/55
IPC: G06F21/55 ; G06F21/56

Abstract:

A method for implementing automated threat alert triage via data provenance includes receiving a set of alerts and security provenance data, separating true alert events within the set of alert events corresponding to malicious activity from false alert events within the set of alert events corresponding to benign activity based on an alert anomaly score assigned to the at least one alert event, and automatically generating a set of triaged alert events based on the separation.

Public/Granted literature

US20200042700A1 AUTOMATED THREAT ALERT TRIAGE VIA DATA PROVENANCE Public/Granted day:2020-02-06

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F21/00	防止未授权行为的保护计算机、其部件、程序或数据的安全装置
G06F21/50	.监控用户、程序或设备，以维护平台完整。例如：处理器、固件或操作系统
G06F21/55	..检测本地入侵或实施对策