Detecting and preventing distributed data exfiltration attacks

    Publication No.: US11966470B2

    Publication date: 2024-04-23

    Application No.: US17455021

    Filing date: 2021-11-16

    CPC classification number: G06F21/554 H04L63/10 G06F2221/034

    Abstract: A computer-implemented method and a computer system for detecting and preventing distributed data exfiltration attacks. The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances, generates a baseline of normal usage activities for the clients and the instances based on the historical usage statistics, monitors current activities of the clients to build signatures of queries by the clients and signatures of the instances, and correlates the signatures to determine whether a data exfiltration attack is in progress. In response to determining that the data exfiltration attack is in progress, the computer system increases one or more risk scores corresponding to the data exfiltration attack. In response to determining that the one or more risk scores and an overall risk score of the service exceed a predetermined threshold, the computer system generates an alert of the data exfiltration attack.

    DETECTING AND PREVENTING DISTRIBUTED DATA EXFILTRATION ATTACKS

    Publication No.: US20230153425A1

    Publication date: 2023-05-18

    Application No.: US17455021

    Filing date: 2021-11-16

    CPC classification number: G06F21/554 H04L63/10 G06F2221/034

    Abstract: A computer-implemented method and a computer system for detecting and preventing distributed data exfiltration attacks. The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances, generates a baseline of normal usage activities for the clients and the instances based on the historical usage statistics, monitors current activities of the clients to build signatures of queries by the clients and signatures of the instances, and correlates the signatures to determine whether a data exfiltration attack is in progress. In response to determining that the data exfiltration attack is in progress, the computer system increases one or more risk scores corresponding to the data exfiltration attack. In response to determining that the one or more risk scores and an overall risk score of the service exceed a predetermined threshold, the computer system generates an alert of the data exfiltration attack.
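
    The granted patent (US11966470B2) and the application (US20230153425A1) above share one abstract, so one added example serves both. It is not the patent's code: it is an illustration written here of the pipeline the abstract describes, with constructed client names, a constructed query shape, constructed history windows and assumed thresholds (z-score cut-offs, minimum cooperating clients, pattern and service risk thresholds). The point it makes beyond the abstract is the "distributed" case: every client stays inside its own baseline, and only the correlation of the instance-level spike with a query shape shared by many clients raises the risk score.

```python
"""Baseline-and-correlation detector for distributed (low-and-slow) data pulls.

Added example, not the patent's implementation. Client names, the query shape,
the history windows and all thresholds are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Baseline:
    mean: float
    std: float

    def zscore(self, x: float) -> float:
        # No historical variance: any move off the mean counts as maximally unusual.
        if self.std == 0:
            return 0.0 if x == self.mean else float("inf")
        return (x - self.mean) / self.std


def build_baselines(history: dict) -> dict:
    """history maps a client or instance id to the KB it moved in past windows."""
    return {k: Baseline(mean(v), pstdev(v)) for k, v in history.items()}


@dataclass
class Query:
    client: str
    instance: str
    shape: str      # normalized query text, literals replaced by '?'
    kb: int         # KB returned to the client


def signatures(window):
    """Per-client, per-instance and per-(instance, query shape) signatures for one window."""
    client_kb = defaultdict(int)
    inst_kb = defaultdict(int)
    shape_clients = defaultdict(set)       # (instance, shape) -> clients issuing it
    for q in window:
        client_kb[q.client] += q.kb
        inst_kb[q.instance] += q.kb
        shape_clients[(q.instance, q.shape)].add(q.client)
    return client_kb, inst_kb, shape_clients


def score_window(window, client_base, inst_base, z_client=3.0, z_inst=3.0, min_clients=3):
    """Return ({pattern_key: risk}, service-wide total) for one window.

    A client or instance with no baseline is treated as maximally anomalous.
    """
    client_kb, inst_kb, shape_clients = signatures(window)
    risks = defaultdict(float)
    for c, kb in client_kb.items():
        z = client_base[c].zscore(kb) if c in client_base else float("inf")
        if z > z_client:
            risks[("client", c)] += min(z, 10.0)
    for i, kb in inst_kb.items():
        z = inst_base[i].zscore(kb) if i in inst_base else float("inf")
        if z <= z_inst:
            continue
        risks[("instance", i)] += min(z, 10.0)
        # Correlation step: an instance spike that no single client explains, but
        # that several clients feed with the same query shape, is the distributed
        # signature; its risk grows with the number of cooperating clients.
        for (inst, shape), clients in shape_clients.items():
            if inst == i and len(clients) >= min_clients:
                risks[("distributed", i, shape)] += float(len(clients))
    return dict(risks), sum(risks.values())


def alerts_for(risks, overall, pattern_threshold=4.0, service_threshold=8.0):
    """Alert only when a specific pattern AND the service as a whole are over threshold."""
    if overall <= service_threshold:
        return []
    return sorted(k for k, r in risks.items() if r > pattern_threshold)


# Constructed history: each client moved ~100 KB per window; the instance served
# ~500 KB because not every client was active in every window.
CLIENTS = [f"app-{n}" for n in range(6)]
SHAPE = "SELECT * FROM customers LIMIT ? OFFSET ?"
CLIENT_BASE = build_baselines({c: [100, 110, 90, 105, 95] for c in CLIENTS})
INST_BASE = build_baselines({"db-1": [500, 560, 440, 530, 470]})


def benign_window():
    return [Query(c, "db-1", "SELECT name FROM customers WHERE id = ?", 100) for c in CLIENTS]


def attack_window():
    # Each client stays inside its own baseline (118 KB, z about 2.5 < 3) but all
    # six page through the same table at once, so together they spike the instance.
    return [Query(c, "db-1", SHAPE, 118) for c in CLIENTS]


def detect(window):
    risks, overall = score_window(window, CLIENT_BASE, INST_BASE)
    return risks, overall, alerts_for(risks, overall)


if __name__ == "__main__":
    for name, w in (("benign", benign_window()), ("attack", attack_window())):
        risks, overall, alerts = detect(w)
        print(name, round(overall, 2), alerts)
```

    The two-level gate in `alerts_for` is the practical part: a per-pattern score alone fires on every noisy client, and a service-wide score alone cannot say what to block, so an alert requires both. Risk scores here are recomputed per window; a production version would accumulate them across windows with decay so that a slow pull over many windows still crosses the threshold.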

    Identifying cyber adversary behavior

    Publication No.: US11228612B2

    Publication date: 2022-01-18

    Application No.: US16367739

    Filing date: 2019-03-28

    Abstract: Identifying cyber adversary behavior on a computer network is provided. Individual security events are received from multiple threat intelligence data sources. A security incident corresponding to an attack on at least one element of the computer network, the security incident being described by the individual security events received from the multiple threat intelligence data sources, is matched to a defined cyber adversary objective in a structured framework of a plurality of defined cyber adversary objectives and a related technique associated with the defined cyber adversary objective used by a cyber adversary in the attack. A set of mitigation actions is performed on the computer network based on matching the security incident corresponding to the attack on the computer network to the defined cyber adversary objective and the related technique.

    Visualizing Cybersecurity Incidents Using Knowledge Graph Data

    Publication No.: US20210350248A1

    Publication date: 2021-11-11

    Application No.: US16866691

    Filing date: 2020-05-05

    Abstract: Information for a knowledge graph is accessed. The knowledge graph has nodes and edges of a network and has information about security incident(s) in the network. Related entities from the knowledge graph are grouped together, where the related entities that are grouped together are determined not only by types of the entities, but also by threat(s) impacting the entities. The threat(s) correspond to the security incident(s). The grouped related entities are arranged in visualization data in order that the visualization data are configured to provide a visualization of the knowledge graph with the grouped related entities. The visualization data are output. Methods, apparatus, and computer program products are disclosed.
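
    An added example of the grouping rule the abstract describes (group by entity type AND by the threats impacting the entity), not the patent's code. The graph, the incident anchors, the threat names and the one-hop propagation rule are all constructed here; how far a threat "impacts" neighbouring entities is an assumption of this example.

```python
"""Group knowledge-graph entities for visualization by (entity type, impacting threats).

Added example, not the patent's code. The graph, incidents and the hop limit
that decides which neighbours a threat impacts are constructed for illustration.
"""
from collections import defaultdict, deque

# Constructed graph: node -> entity type
NODES = {
    "ws-01": "host", "ws-02": "host", "db-01": "host",
    "alice": "user", "bob": "user", "svc-backup": "user",
    "evil.example": "domain",
}
# Undirected edges: user<->host logons, host<->domain lookups, host<->host connections
EDGES = [
    ("alice", "ws-01"), ("bob", "ws-02"), ("svc-backup", "db-01"),
    ("ws-01", "evil.example"), ("ws-01", "db-01"), ("ws-02", "db-01"),
]
# Security incidents attached to graph nodes: (threat, anchor node)
INCIDENTS = [("ransomware", "ws-01"), ("data-exfil", "evil.example"), ("brute-force", "ws-02")]


def adjacency(edges):
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def impacted(anchor, adj, max_hops):
    """Nodes within max_hops of the incident anchor count as impacted by its threat (BFS)."""
    seen = {anchor}
    queue = deque([(anchor, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth == max_hops:
            continue
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, depth + 1))
    return seen


def group_entities(nodes, edges, incidents, max_hops=1):
    """Return {(type, sorted threat tuple): sorted member list}.

    Grouping by type alone would put all hosts in one bucket; adding the threat
    set splits them by what is actually happening to them.
    """
    adj = adjacency(edges)
    threats = defaultdict(set)
    for threat, anchor in incidents:
        for n in impacted(anchor, adj, max_hops):
            threats[n].add(threat)
    groups = defaultdict(list)
    for n, ntype in nodes.items():
        groups[(ntype, tuple(sorted(threats[n])))].append(n)
    return {k: sorted(v) for k, v in groups.items()}


def visualization_data(groups):
    """Flatten to the records a renderer consumes: one collapsed node per group."""
    return [{"type": t, "threats": list(th), "members": m, "size": len(m)}
            for (t, th), m in sorted(groups.items())]


if __name__ == "__main__":
    for rec in visualization_data(group_entities(NODES, EDGES, INCIDENTS)):
        print(rec)
```

    With the constructed graph the three hosts land in three different groups (ws-01 is hit by ransomware and the exfil domain, db-01 is one hop from both the ransomware and brute-force anchors, ws-02 only by brute-force), which is the distinction a type-only grouping would hide. `max_hops` is the knob that trades clutter for recall: larger values pull more entities into a threat's group.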

    Identifying Cyber Adversary Behavior

    Publication No.: US20200314141A1

    Publication date: 2020-10-01

    Application No.: US16367739

    Filing date: 2019-03-28

    Abstract: Identifying cyber adversary behavior on a computer network is provided. Individual security events are received from multiple threat intelligence data sources. A security incident corresponding to an attack on at least one element of the computer network, the security incident being described by the individual security events received from the multiple threat intelligence data sources, is matched to a defined cyber adversary objective in a structured framework of a plurality of defined cyber adversary objectives and a related technique associated with the defined cyber adversary objective used by a cyber adversary in the attack. A set of mitigation actions is performed on the computer network based on matching the security incident corresponding to the attack on the computer network to the defined cyber adversary objective and the related technique.
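
    The granted patent (US11228612B2) and the application (US20200314141A1) above carry the same abstract, so one added example covers both. It is not the patent's code. The "structured framework" is modelled here as a small constructed list of objective/technique pairs with indicator sets and mitigation actions (not a real catalogue, and none of the names are real identifiers); the match criterion (fraction of a technique's indicators observed) and the two-source corroboration rule are assumptions of this example.

```python
"""Match a multi-source security incident to an adversary objective/technique
and select mitigations.

Added example, not the patent's code. FRAMEWORK is a constructed toy, not a
real catalogue; indicator names, mitigation names and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Technique:
    objective: str
    name: str
    indicators: frozenset
    mitigations: tuple


FRAMEWORK = [
    Technique("credential-access", "password-spraying",
              frozenset({"auth-failure-burst", "many-users-one-source", "login-success-after-failures"}),
              ("lock-source-ip", "force-mfa", "reset-affected-passwords")),
    Technique("lateral-movement", "remote-service-abuse",
              frozenset({"smb-admin-share", "new-service-install", "login-success-after-failures"}),
              ("isolate-host", "disable-admin-shares")),
    Technique("exfiltration", "dns-tunneling",
              frozenset({"high-entropy-subdomains", "dns-volume-spike", "rare-resolver"}),
              ("sinkhole-domain", "block-egress-dns")),
]


@dataclass(frozen=True)
class Event:
    incident_id: str
    source: str          # which threat-intelligence / telemetry source produced it
    indicators: frozenset


def assemble_incidents(events):
    """Merge per-source events into one indicator set per incident, remembering the sources."""
    inds, srcs = defaultdict(set), defaultdict(set)
    for e in events:
        inds[e.incident_id] |= e.indicators
        srcs[e.incident_id].add(e.source)
    return {i: (frozenset(inds[i]), frozenset(srcs[i])) for i in inds}


def match(indicators, framework=FRAMEWORK, min_score=0.5):
    """Score a technique by the fraction of its indicators that were observed.

    Ties break on the raw number of hits. Returns (technique, score), or
    (None, best_score) when nothing reaches min_score.
    """
    best, best_score, best_hits = None, 0.0, 0
    for t in framework:
        hits = len(indicators & t.indicators)
        score = hits / len(t.indicators)
        if (score, hits) > (best_score, best_hits):
            best, best_score, best_hits = t, score, hits
    if best is None or best_score < min_score:
        return None, best_score
    return best, best_score


def respond(events, min_sources=2):
    """Map each incident to (objective, technique, mitigations).

    An incident reported by fewer than min_sources sources is held for
    corroboration rather than acted on; an incident matching nothing is 'unknown'.
    """
    out = {}
    for iid, (inds, srcs) in assemble_incidents(events).items():
        if len(srcs) < min_sources:
            out[iid] = ("unconfirmed", None, ())
            continue
        t, _ = match(inds)
        out[iid] = (t.objective, t.name, t.mitigations) if t else ("unknown", None, ())
    return out


# Constructed events from several sources (names are illustrative).
SAMPLE_EVENTS = [
    Event("INC-1", "siem", frozenset({"auth-failure-burst", "many-users-one-source"})),
    Event("INC-1", "idp", frozenset({"login-success-after-failures"})),
    Event("INC-2", "edr", frozenset({"smb-admin-share"})),
    Event("INC-3", "dns-log", frozenset({"dns-volume-spike"})),
    Event("INC-3", "proxy", frozenset({"rare-resolver"})),
    Event("INC-4", "siem", frozenset({"odd-user-agent"})),
    Event("INC-4", "edr", frozenset({"unsigned-binary"})),
]


if __name__ == "__main__":
    for iid, decision in sorted(respond(SAMPLE_EVENTS).items()):
        print(iid, decision)
```

    Note that INC-1's indicator "login-success-after-failures" appears in two techniques; the coverage score, not the presence of a single indicator, decides which objective the incident is matched to, and the mitigation set follows from that match.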

    USING CATEGORIZATION TAGS FOR RULE GENERATION AND UPDATE IN A RULES-BASED SECURITY SYSTEM

    Publication No.: US20240275817A1

    Publication date: 2024-08-15

    Application No.: US18107729

    Filing date: 2023-02-09

    CPC classification number: H04L63/20 G06F16/285 H04L63/1425

    Abstract: A technique for classifying and handling threat data in a rules-based security system. For each rule in the set, a set of one or more first tags is generated. The tags categorize the rule according to a hierarchical scheme. In response to receipt of a new threat, the system automatically determines whether the existing set of rules provides acceptable coverage for the new threat. This determination is made by generating a set of one or more second tags that categorize the new threat, and then comparing the set of one or more second tags with the set of one or more first tags according to given match criteria. Upon a determination that the set of rules does not provide adequate coverage for the new threat, a recommendation is output from the system. The rules-based security system is then adjusted according to the recommendation for subsequent handling of the new threat.
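
    An added example of the tag-comparison step, not the patent's code. The hierarchical tag scheme ("/"-separated, general to specific), the sample rules, the sample threats, the coverage threshold and the particular match criterion (a rule tag covers a threat tag when it is the same node or an ancestor, and is at least two levels specific) are all constructed assumptions; the abstract only says "given match criteria".

```python
"""Tag-based coverage check and rule recommendation for a rules-based security system.

Added example, not the patent's code. The tag scheme, rules, threats, the
'covers' criterion and the coverage threshold are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Rule:
    rule_id: str
    tags: set        # hierarchical tags, "/"-separated, general -> specific


def tag_path(tag):
    return tuple(tag.split("/"))


def covers(rule_tag, threat_tag, min_depth=2):
    """A rule tag covers a threat tag when it is the same node or an ancestor of it
    in the hierarchy AND is at least min_depth levels specific. A bare top-level
    category such as 'exfiltration' is too coarse to count as coverage."""
    r, t = tag_path(rule_tag), tag_path(threat_tag)
    return len(r) >= min_depth and t[:len(r)] == r


def coverage(rules, threat_tags, min_depth=2):
    """Return (covered fraction, {threat_tag: [matching rule ids]}, uncovered tags)."""
    matches = {
        tt: sorted(r.rule_id for r in rules if any(covers(rt, tt, min_depth) for rt in r.tags))
        for tt in threat_tags
    }
    uncovered = sorted(tt for tt, m in matches.items() if not m)
    return (len(threat_tags) - len(uncovered)) / len(threat_tags), matches, uncovered


def recommend(rules, threat_id, threat_tags, threshold=0.75):
    """Decide whether the rule set handles the threat; if not, propose a rule for the gaps."""
    frac, matches, uncovered = coverage(rules, threat_tags)
    rec = {"threat": threat_id, "coverage": frac, "matched": matches, "action": "none"}
    if frac < threshold:
        rec["action"] = "add-rule"
        rec["new_rule"] = Rule(f"auto-{threat_id}", set(uncovered))
    return rec


def apply_recommendation(rules, rec):
    """Adjust the rule set in place; returns the id of the rule added, or None."""
    if rec["action"] != "add-rule":
        return None
    rules.append(rec["new_rule"])
    return rec["new_rule"].rule_id


# Constructed rule set and threats.
RULES = [
    Rule("R-100", {"exfiltration/dns/tunneling", "command-and-control/dns"}),
    Rule("R-200", {"credential-access/brute-force"}),
    Rule("R-300", {"exfiltration"}),            # top-level only: deliberately too coarse
]
THREAT_1 = sorted({"exfiltration/dns/tunneling/high-entropy", "command-and-control/dns/txt-beacon"})
THREAT_2 = sorted({"exfiltration/cloud-storage/upload",
                   "credential-access/brute-force/spray",
                   "persistence/scheduled-task"})


if __name__ == "__main__":
    rules = list(RULES)
    for tid, tags in (("T-1", THREAT_1), ("T-2", THREAT_2)):
        rec = recommend(rules, tid, tags)
        print(tid, rec["action"], round(rec["coverage"], 2), rec["matched"])
        if apply_recommendation(rules, rec):
            print(tid, "after update:", coverage(rules, tags)[0])
```

    The `min_depth` floor is the caveat worth keeping: without it the catch-all rule R-300 tagged "exfiltration" would claim to cover every exfiltration threat, and the system would never recommend a new rule for a cloud-storage upload technique it has no real detection for.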

    Detection of user behavior deviation from defined user groups

    Publication No.: US10938845B2

    Publication date: 2021-03-02

    Application No.: US15975799

    Filing date: 2018-05-10

    Abstract: A machine learning-based technique for user behavior analysis that detects when users deviate from expected behavior. In this approach, a set of user groups is provided, preferably based on information provided from a user registry. A set of training data for each of the set of user groups is then obtained, preferably by collecting security events generated for a collection of the users over a given time period (e.g., the last thirty (30) days). A machine learning system is then trained using the set of training data to produce a model that includes a set of clusters in a user behavior model, wherein a cluster is a learned user group that corresponds to a defined user group. Once the model is built, it is used to identify users that deviate from their expected group behavior. In particular, the system compares a current behavior of a user against the model and flags anomalous behavior. The user behavior analysis may be implemented in a security platform, such as a SIEM.
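
    An added example of the train-then-compare flow in the abstract, not the patent's code or model. The registry, the per-user event counts (aggregated to daily averages over a notional 30-day window), the four event categories used as features, the seeded k-means written inline (so the block runs with no extra libraries), and the "three spreads from the cluster centroid" anomaly threshold are all constructed assumptions; the abstract does not say which learning algorithm or features are used.

```python
"""Learn per-group behaviour clusters from security events and flag users who
drift away from their group's cluster.

Added example, not the patent's code. Registry, training counts, the feature
set, the seeded k-means and the anomaly threshold are all constructed.
"""
from collections import defaultdict
import math

CATEGORIES = ("logon", "file-share-read", "admin-action", "vpn")

# Constructed user registry: user -> defined group
REGISTRY = {"ann": "finance", "ben": "finance", "cat": "finance",
            "dan": "ops", "eve": "ops", "fay": "ops"}

# Constructed training data: average daily security-event counts per user
# over the training window, one value per category.
TRAINING = {
    "ann": {"logon": 2, "file-share-read": 40, "admin-action": 0, "vpn": 1},
    "ben": {"logon": 2, "file-share-read": 35, "admin-action": 0, "vpn": 1},
    "cat": {"logon": 3, "file-share-read": 45, "admin-action": 1, "vpn": 0},
    "dan": {"logon": 5, "file-share-read": 5, "admin-action": 20, "vpn": 8},
    "eve": {"logon": 4, "file-share-read": 3, "admin-action": 25, "vpn": 9},
    "fay": {"logon": 6, "file-share-read": 4, "admin-action": 18, "vpn": 7},
}


def vec(counts):
    return [float(counts.get(c, 0)) for c in CATEGORIES]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def mean_vec(vs):
    return [sum(v[i] for v in vs) / len(vs) for i in range(len(CATEGORIES))]


def train(training, registry, iters=10):
    """Seeded k-means: one centroid per defined group (from the registry), then
    refine; each cluster is labelled with the group holding most of its members."""
    users = {u: vec(c) for u, c in training.items()}
    seed = defaultdict(list)
    for u, v in users.items():
        seed[registry[u]].append(v)
    centroids = {g: mean_vec(vs) for g, vs in seed.items()}
    for _ in range(iters):
        members, assign = defaultdict(list), {}
        for u, v in users.items():
            assign[u] = min(centroids, key=lambda g: dist(v, centroids[g]))
            members[assign[u]].append(v)
        # A cluster that lost every member keeps its previous centroid.
        centroids = {g: mean_vec(members[g]) if members[g] else centroids[g] for g in centroids}
    label = {}
    for g in centroids:
        votes = defaultdict(int)
        for u, cg in assign.items():
            if cg == g:
                votes[registry[u]] += 1
        label[g] = max(votes, key=votes.get) if votes else g
    # Spread = RMS distance of members to their centroid, floored at 1 to avoid /0.
    spread = {g: max(1.0, math.sqrt(sum(dist(v, centroids[g]) ** 2 for v in members[g]) / len(members[g])))
              if members[g] else 1.0 for g in centroids}
    return {"centroids": centroids, "spread": spread, "assign": assign, "label": label}


def deviation(model, user, registry, current_counts, threshold=3.0):
    """Score current behaviour against the cluster learned for the user's own group,
    in units of that cluster's spread. 'nearest' says which group the user now resembles."""
    v = vec(current_counts)
    group = registry[user]
    cluster = next(k for k, lab in model["label"].items() if lab == group)
    score = dist(v, model["centroids"][cluster]) / model["spread"][cluster]
    nearest = model["label"][min(model["centroids"], key=lambda k: dist(v, model["centroids"][k]))]
    return {"user": user, "group": group, "score": round(score, 2),
            "nearest": nearest, "anomalous": score > threshold}


if __name__ == "__main__":
    model = train(TRAINING, REGISTRY)
    print(deviation(model, "ann", REGISTRY, {"logon": 5, "file-share-read": 4, "admin-action": 22, "vpn": 8}))
    print(deviation(model, "ben", REGISTRY, {"logon": 2, "file-share-read": 36, "admin-action": 0, "vpn": 1}))
```

    Reporting `nearest` alongside the score is the SIEM-friendly touch: "finance user ann now looks like an ops admin" is an actionable alert, while a bare distance is not. The spread normalisation matters for the same reason: a group with naturally noisy behaviour should not generate alerts at the same raw distance as a tightly clustered one.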
