Performing cybersecurity operations based on impact scores of computing events over a rolling time interval

The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the clie...

Detailed description

Bibliographic details
Main authors: Raz, Barak, Eran, Ereli, Mo, Zhen, Ganti, Vijay
Format: Patent
Language: eng
creator Raz, Barak
Eran, Ereli
Mo, Zhen
Ganti, Vijay
description The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
format Patent
language eng
recordid cdi_epo_espacenet_US11689545B2
source esp@cenet
subjects ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
title Performing cybersecurity operations based on impact scores of computing events over a rolling time interval
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-21T17%3A33%3A22IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Raz,%20Barak&rft.date=2023-06-27&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS11689545B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true