公开(公告)号：US20170318051A1

公开(公告)日：2017-11-02

申请号：US15596515

申请日：2017-05-16

申请人： Securboration, Inc.

发明人： Anthony Stirtzinger ,  Keith Shapiro ,  Brian Warhover ,  Bruce McQueary

IPC分类号： H04L29/06 ,  H04W12/12

CPC分类号： H04L63/1441 ,  H04L63/1408 ,  H04W12/12

摘要： Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.

公开(公告)号：US20140143873A1

公开(公告)日：2014-05-22

申请号：US14085493

申请日：2013-11-20

申请人： Securboration, Inc.

发明人： Anthony Stirtzinger ,  Keith Shapiro ,  Brian Warhover ,  Bruce McQueary

IPC分类号： H04L29/06

CPC分类号： H04L63/1441 ,  H04L63/1408 ,  H04W12/12

摘要： Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.

摘要翻译： 提供了用于识别异常行为的系统，方法和装置。 例如，方法可以包括接收原始数据，基于原始数据生成实体的行为简档，接收比较数据，确定比较数据是否偏离行为简档中定义的行为模式，以及识别比较数据 作为比较数据偏离行为模式的异常行为。 在一个实施例中，原始数据包括实体的记录活动。 在一个实施例中，行为简档定义了实体的行为模式。 在一个实施例中，在识别异常行为时执行对策。 对策可以包括撤销实体的凭证，拒绝实体对资源的访问，关闭对端口的访问以及拒绝对该实体的访问中的至少一个。 该方法还可以包括提供异常行为的报告。

公开(公告)号：US10205740B2

公开(公告)日：2019-02-12

申请号：US15596515

申请日：2017-05-16

申请人： Securboration, Inc.

发明人： Anthony Stirtzinger ,  Keith Shapiro ,  Brian Warhover ,  Bruce McQueary

IPC分类号： G06F11/00 ,  H04L29/06 ,  H04W12/12

摘要： Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.

公开(公告)号：US09686305B2

公开(公告)日：2017-06-20

申请号：US14085493

申请日：2013-11-20

申请人： Securboration, Inc.

发明人： Anthony Stirtzinger ,  Keith Shapiro ,  Brian Warhover ,  Bruce McQueary

IPC分类号： G06F11/00 ,  H04L29/06 ,  H04W12/12

CPC分类号： H04L63/1441 ,  H04L63/1408 ,  H04W12/12

摘要： Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.