-
Publication (announcement) number: US10305917B2
Publication (announcement) date: 2019-05-28
Application number: US15213896
Application date: 2016-07-19
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Boxiang Dong, Guofei Jiang, Haifeng Chen
Abstract: Methods and systems for detecting malicious processes include modeling system data as a graph comprising vertices that represent system entities and edges that represent events between respective system entities. Each edge has one or more timestamps corresponding to respective events between two system entities. A set of valid path patterns that relate to potential attacks is generated. One or more event sequences in the system are determined to be suspicious based on the graph and the valid path patterns using a random walk on the graph.
-
2.
Publication (announcement) number: US20160330226A1
Publication (announcement) date: 2016-11-10
Application number: US15213896
Application date: 2016-07-19
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Boxiang Dong, Guofei Jiang, Haifeng Chen
CPC classification number: H04L63/14, G06F21/55, H04L29/06877, H04L29/06891, H04L29/06911, H04L41/12, H04L41/142, H04L63/1416, H04L2463/121
Abstract: Methods and systems for detecting malicious processes include modeling system data as a graph comprising vertices that represent system entities and edges that represent events between respective system entities. Each edge has one or more timestamps corresponding to respective events between two system entities. A set of valid path patterns that relate to potential attacks is generated. One or more event sequences in the system are determined to be suspicious based on the graph and the valid path patterns using a random walk on the graph.
-