System and method of processing information security events to detect cyberattacks

A method for processing information security events of a computer system includes receiving information related to a plurality of information security events occurred in the computer system. Each of the events includes an event related to a possible violation of information security of the computer...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Soldatov, Sergey V, Udimov, Daniil A, Filonov, Pavel V
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method for processing information security events of a computer system includes receiving information related to a plurality of information security events occurred in the computer system. Each of the events includes an event related to a possible violation of information security of the computer system. A verdict is determined for each of the events. The verdict includes: i) information security incident or ii) false positive. The verdict is false positive if the probability of a false positive for the corresponding event is greater than a first threshold. Verdicts are changed for a subset of the events from the false positive to the information security incident. A number of events in the subset is lower than a second threshold. An analysis of the events having a verdict of the information security incident is performed to determine if the computer system is under a cyberattack.