Publication No.: US11601442B2
Publication date: 2023-03-07
Application No.: US16544401
Application date: 2019-08-19
Applicant: The Research Foundation for the State University of New York, The University of Illinois at Chicago
Inventors: Ramasubramanian Sekar, Junao Wang, Md Nahid Hossain, Sadegh M. Milajerdi, Birhanu Eshete, Rigel Gjomemo, V. N. Venkatakrishnan, Scott Stoller
IPC classification: H04L9/40
Abstract: A system associated with detecting a cyber-attack and reconstructing events associated with a cyber-attack campaign, is disclosed. The system performs various operations that include receiving an audit data stream associated with cyber events. The system identifies trustworthiness values in a portion of data associated with the cyber events and assigns provenance tags to the portion of the data based on the identified trustworthiness values. An initial visual representation is generated based on the assigned provenance tags to the portion of the data. The initial visual representation is condensed based on a backward traversal of the initial visual representation in identifying a shortest path from a suspect node to an entry point node. A scenario visual representation is generated that specifies nodes most relevant to the cyber events associated with the cyber-attack based on the identified shortest path.
A corresponding method and computer-readable medium are also disclosed.

Publication No.: US20200059481A1
Publication date: 2020-02-20
Application No.: US16544401
Application date: 2019-08-19
Applicant: The Research Foundation for the State University of New York, The University of Illinois at Chicago
Inventors: Ramasubramanian Sekar, Junao Wang, Md Nahid Hossain, Sadegh M. Milajerdi, Birhanu Eshete, Rigel Gjomemo, V.N. Venkatakrishnan, Scott Stoller
IPC classification: H04L29/06
Abstract: A system associated with detecting a cyber-attack and reconstructing events associated with a cyber-attack campaign, is disclosed. The system performs various operations that include receiving an audit data stream associated with cyber events. The system identifies trustworthiness values in a portion of data associated with the cyber events and assigns provenance tags to the portion of the data based on the identified trustworthiness values. An initial visual representation is generated based on the assigned provenance tags to the portion of the data. The initial visual representation is condensed based on a backward traversal of the initial visual representation in identifying a shortest path from a suspect node to an entry point node. A scenario visual representation is generated that specifies nodes most relevant to the cyber events associated with the cyber-attack based on the identified shortest path. A corresponding method and computer-readable medium are also disclosed.