-
Publication No.: US10367842B2
Publication date: 2019-07-30
Application No.: US15902318
Application date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
Abstract: Systems and methods for determining a risk level of a host in a network include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are determined. An anomaly score for the target host is determined based on how the target host's behavior changes relative to behavior of the one or more original peer hosts over time. A security management action is performed based on the anomaly score.
-
Publication No.: US10476753B2
Publication date: 2019-11-12
Application No.: US15902369
Application date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
Abstract: Methods and systems for modeling host behavior in a network include determining a first probability function for observing each of a set of process-level events at a first host based on embedding vectors for the first event and the first host. A second probability function is determined for the first host issuing each of a set of network-level events connecting to a second host based on embedding vectors for the first host and the second host. The first and second probability functions are maximized to determine a set of likely process-level and network-level events for the first host. A security action is performed based on the modeled host behavior.
-
Publication No.: US20180183680A1
Publication date: 2018-06-28
Application No.: US15902369
Application date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
CPC classification number: H04L41/145, G06F17/18, H04L41/046, H04L43/08, H04L63/1425, H04L63/20, H04W12/00505
Abstract: Methods and systems for modeling host behavior in a network include determining a first probability function for observing each of a set of process-level events at a first host based on embedding vectors for the first event and the first host. A second probability function is determined for the first host issuing each of a set of network-level events connecting to a second host based on embedding vectors for the first host and the second host. The first and second probability functions are maximized to determine a set of likely process-level and network-level events for the first host. A security action is performed based on the modeled host behavior.
-
Publication No.: US10476754B2
Publication date: 2019-11-12
Application No.: US15902432
Application date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
Abstract: Methods and systems for detecting host community include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are found by determining a distance in a latent space that embeds the historical events between events of the target host and events of the one or more original peer hosts. A security management action is performed based on behavior of the target host and the determined one or more original peer hosts.
-
Publication No.: US20180183824A1
Publication date: 2018-06-28
Application No.: US15902318
Application date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
IPC: H04L29/06
CPC classification number: H04L63/1425, G06F21/554, H04L63/1416, H04L63/1433
Abstract: Systems and methods for determining a risk level of a host in a network include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are determined. An anomaly score for the target host is determined based on how the target host's behavior changes relative to behavior of the one or more original peer hosts over time. A security management action is performed based on the anomaly score.
-
Publication No.: US20180183681A1
Publication date: 2018-06-28
Application No.: US15902432
Application date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
CPC classification number: H04L41/145, G06F21/554, H04L41/046, H04L41/142, H04L43/08, H04L63/1416, H04L63/1441
Abstract: Methods and systems for detecting host community include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are found by determining a distance in a latent space that embeds the historical events between events of the target host and events of the one or more original peer hosts. A security management action is performed based on behavior of the target host and the determined one or more original peer hosts.