公开(公告)号：EP4290808A2

公开(公告)日：2023-12-13

申请号：EP23206708.2

申请日：2020-11-03

申请人： Microsoft Technology Licensing, LLC

发明人： COSTEA, Mihai ,  BETSER, Michael Abraham ,  POLURI, Ravi Kiran Reddy ,  DING, Hua ,  LI, Weisheng ,  PAMPATI, Phanindra ,  YOST, David Nicholas

IPC分类号： H04L9/40

摘要： Methods, systems, and computer storage media for providing a multi-attribute cluster-identifier that supports identifying malicious activity in computing environments. An instance of an activity having an attribute set can be assessed. The attribute set of the instance of the activity is analyzed to determine whether the instance of the activity is a malicious activity. The attribute set of the instance of the activity is compared to a plurality of multi-attribute cluster-identifiers of previous instances of the activity, such that, a determination that the instance of the activity is a malicious activity is made when the attribute set of the instance of the activity corresponds to an identified multi-attribute cluster-identifier. The identified multi-attribute cluster-identifier has a risk score and an attribute set that indicate a likelihood that the instance of the activity is a malicious activity. A visualization that identifies the instance of the activity as a malicious activity is generated.

公开(公告)号：EP4290808A3

公开(公告)日：2024-02-21

申请号：EP23206708.2

申请日：2020-11-03

申请人： Microsoft Technology Licensing, LLC

发明人： COSTEA, Mihai ,  BETSER, Michael Abraham ,  POLURI, Ravi Kiran Reddy ,  DING, Hua ,  LI, Weisheng ,  PAMPATI, Phanindra ,  YOST, David Nicholas

IPC分类号： G06F21/55 ,  G06F21/56 ,  H04L41/22 ,  H04L51/212 ,  H04L9/40

摘要： Methods, systems, and computer storage media for providing a multi-attribute cluster-identifier that supports identifying malicious activity in computing environments. An instance of an activity having an attribute set can be assessed. The attribute set of the instance of the activity is analyzed to determine whether the instance of the activity is a malicious activity. The attribute set of the instance of the activity is compared to a plurality of multi-attribute cluster-identifiers of previous instances of the activity, such that, a determination that the instance of the activity is a malicious activity is made when the attribute set of the instance of the activity corresponds to an identified multi-attribute cluster-identifier. The identified multi-attribute cluster-identifier has a risk score and an attribute set that indicate a likelihood that the instance of the activity is a malicious activity. A visualization that identifies the instance of the activity as a malicious activity is generated.

公开(公告)号：EP4052156A1

公开(公告)日：2022-09-07

申请号：EP20816697.5

申请日：2020-11-03

申请人： Microsoft Technology Licensing, LLC

发明人： COSTEA, Mihai ,  BETSER, Michael Abraham ,  POLURI, Ravi Kiran Reddy ,  DING, Hua ,  LI, Weisheng ,  PAMPATI, Phanindra ,  YOST, David Nicholas

IPC分类号： G06F21/55 ,  G06F21/56

公开(公告)号：EP4364000A1

公开(公告)日：2024-05-08

申请号：EP22732737.6

申请日：2022-05-23

申请人： Microsoft Technology Licensing, LLC

发明人： SEWAK, Mohit ,  POLURI, Ravi Kiran Reddy ,  BLUM, William ,  CHAN, Pak On ,  LI, Weisheng ,  ACHARYA, Sharada Shirish ,  RUDNICK, Christian ,  BETSER, Michael Abraham ,  DRINIC, Milenko ,  LIU, Sihong

IPC分类号： G06F16/33 ,  G06F16/35

CPC分类号： G06F16/35 ,  G06F16/3344 ,  G06F16/3346 ,  G06F40/30