-
Publication number: US20170244733A1
Publication date: 2017-08-24
Application number: US15416462
Application date: 2017-01-26
Applicant: NEC Laboratories America, Inc.
Inventor: Zhenyu Wu, Zhichun Li, Jungwhan Rhee, Fengyuan Xu, Guofei Jiang, Kangkook Jee, Xusheng Xiao, Zhang Xu
IPC: H04L29/06
CPC classification number: H04L63/1425, G06F21/55, G06F21/552, H04L63/1416
Abstract: Methods and systems for intrusion detection include determining a causality trace for a flagged event. Determining the causality trace includes identifying a hot process that generates bursts of events with interleaved dependencies, aggregating events related to the hot process according to a process-centric dependency approximation that ignores dependencies between the events related to the hot process, and tracking causality in a reduced event stream that comprises the aggregated events. It is determined whether an intrusion has occurred based on the causality trace. One or more mitigation actions is performed if it is determined that an intrusion has occurred.
-
Publication number: US20170244620A1
Publication date: 2017-08-24
Application number: US15416346
Application date: 2017-01-26
Applicant: NEC Laboratories America, Inc.
Inventor: Zhenyu Wu, Zhichun Li, Jungwhan Rhee, Fengyuan Xu, Guofei Jiang, Kangkook Jee, Xusheng Xiao, Zhang Xu
CPC classification number: H04L63/1425, G06F21/55, G06F21/552, H04L63/1416
Abstract: Methods and systems for dependency tracking include identifying a hot process that generates bursts of events with interleaved dependencies. Events related to the hot process are aggregated according to a process-centric dependency approximation that ignores dependencies between the events related to the hot process. Causality in a reduced event stream that comprises the aggregated events is tracked.
-