-
公开(公告)号:US20210297436A1
公开(公告)日:2021-09-23
申请号:US16821375
申请日:2020-03-17
发明人: ODED SOFER , ZAMIR PALTIEL
摘要: Techniques for detecting network intrusions are disclosed. An example intrusion detection system includes a storage device to store audit data generated by a network traffic analyzer in accordance with an audit policy that determines an auditing level. The system also includes a processor to receive a case defined by a case definition, wherein the case definition comprises a plurality of symptoms and each symptom is defined by a separate symptom definition. The processor performs queries of the audit data in accordance with each of the symptoms to generate captured symptom data. The symptoms are scored based on the captured symptom data to generate symptom scores, and the symptom scores are summed to generate a case score. If the case score exceeds an alert threshold specified by the case definition, the processor issues an alert.
-
公开(公告)号:US20200092311A1
公开(公告)日:2020-03-19
申请号:US16693989
申请日:2019-11-25
发明人: Shlomit Avrahami , Tali Finelt , ITAI GORDON , Yakir Keisar , Ilan Prager , Alexander Pyasik , ODED SOFER , Or Bar-Yaacov , Yifat Yulevich
摘要: Detecting malware attacks is described herein. A computer-implemented method may include receiving, via a processor, events from a plurality of activity monitors. The method also include extracting, via the processor, a plurality of behavioral features from the received events. The method may further include detecting, via the processor, a malware attack based on the extracted behavioral features using a malware identification model trained on private data and public data using a machine learning technique, wherein the private data includes private enterprise attack findings. The method may also include executing, via the processor, an ad hoc protection improvement based on the detected malware attack.
-
公开(公告)号:US20190068620A1
公开(公告)日:2019-02-28
申请号:US15690668
申请日:2017-08-30
发明人: Shlomit Avrahami , Tali Finelt , ITAI GORDON , Yakir Keisar , Ilan Prager , Alexander Pyasik , ODED SOFER , Or Bar-Yaacov , Yifat Yulevich
IPC分类号: H04L29/06
摘要: Detecting malware attacks is described herein. A computer-implemented method may include receiving, via a processor, events from a plurality of activity monitors. The method also include extracting, via the processor, a plurality of behavioral features from the received events. The method may further include detecting, via the processor, a malware attack based on the extracted behavioral features using a malware identification model trained on private data and public data. The method may also include executing, via the processor, an ad hoc protection improvement based on the detected malware attack.
-
公开(公告)号:US20180278634A1
公开(公告)日:2018-09-27
申请号:US15466892
申请日:2017-03-23
发明人: ALLON ADIR , EHUD AHARONI , LEV GREENBERG , ROSA MIROSHNIKOV , BORIS ROZENBERG , ODED SOFER
IPC分类号: H04L29/06
CPC分类号: H04L63/1425 , G06F21/552 , G06F21/577 , H04L63/1441
摘要: A system for detecting cyber security events can include a processor to generate a first set of a plurality of time series and aggregate statistics based on a plurality of properties corresponding to user actions for each user in a set of users. The processor can also separate the set of users into a plurality of clusters based on the first set of the plurality of time series or aggregate statistics for each user and assign an identifier to each of the plurality of clusters. Additionally, the processor can generate a second set of a plurality of time series based on properties of the plurality of clusters, wherein the properties of a cluster correspond to a membership, a diameter, and a centroid and detect an anomaly based on a new value stored in the second set of the time series. Furthermore, the processor can execute a prevention instruction.
-
-
-
搜索结果
4 条记录 (耗时 0.014 秒)
