EVENT CORRELATION ACROSS HETEROGENEOUS OPERATIONS
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network security threat response. A data structure that represents communication events between computing devices of two or more network domains is received. The data structure is analyz...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Negm Walid Mulchandani Shaan Modi Shimon Hassanzadeh Amin |
| description | Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network security threat response. A data structure that represents communication events between computing devices of two or more network domains is received. The data structure is analyzed and a threat scenario that is based on a chain of communication events that indicates a potential attack path is determined. The chain of communication events include a sequence of communication events between computing devices proceeding from an originating computing device to a destination computing device, wherein the originating computing device and the destination computing device exist on different network domains. Attack pattern data, for the threat scenario and from a threat intelligence data source, that is associated with communications between computing devices that occurred during one or more prior attacks is received. Based on the threat scenario and the attack pattern data, one or more courses of action for responding to the threat scenario is determined, and information associated with the one or more courses of action is provided. |
| format | Patent |
| fullrecord | <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US2017318050A1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US2017318050A1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US2017318050A13</originalsourceid><addsrcrecordid>eNrjZDB0DXP1C1Fw9g8KcvVxDPH091NwdA7yDw5W8HANcQ3yd3f1c_UPDVbwD3ANAksH8zCwpiXmFKfyQmluBmU31xBnD93Ugvz41OKCxOTUvNSS-NBgIwNDc2NDCwNTA0dDY-JUAQAjZSfy</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>EVENT CORRELATION ACROSS HETEROGENEOUS OPERATIONS</title><source>esp@cenet</source><creator>Negm Walid ; Mulchandani Shaan ; Modi Shimon ; Hassanzadeh Amin</creator><creatorcontrib>Negm Walid ; Mulchandani Shaan ; Modi Shimon ; Hassanzadeh Amin</creatorcontrib><description>Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network security threat response. A data structure that represents communication events between computing devices of two or more network domains is received. The data structure is analyzed and a threat scenario that is based on a chain of communication events that indicates a potential attack path is determined. The chain of communication events include a sequence of communication events between computing devices proceeding from an originating computing device to a destination computing device, wherein the originating computing device and the destination computing device exist on different network domains. Attack pattern data, for the threat scenario and from a threat intelligence data source, that is associated with communications between computing devices that occurred during one or more prior attacks is received. Based on the threat scenario and the attack pattern data, one or more courses of action for responding to the threat scenario is determined, and information associated with the one or more courses of action is provided.</description><language>eng</language><subject>ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRICITY ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2017</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20171102&DB=EPODOC&CC=US&NR=2017318050A1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20171102&DB=EPODOC&CC=US&NR=2017318050A1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Negm Walid</creatorcontrib><creatorcontrib>Mulchandani Shaan</creatorcontrib><creatorcontrib>Modi Shimon</creatorcontrib><creatorcontrib>Hassanzadeh Amin</creatorcontrib><title>EVENT CORRELATION ACROSS HETEROGENEOUS OPERATIONS</title><description>Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network security threat response. A data structure that represents communication events between computing devices of two or more network domains is received. The data structure is analyzed and a threat scenario that is based on a chain of communication events that indicates a potential attack path is determined. The chain of communication events include a sequence of communication events between computing devices proceeding from an originating computing device to a destination computing device, wherein the originating computing device and the destination computing device exist on different network domains. Attack pattern data, for the threat scenario and from a threat intelligence data source, that is associated with communications between computing devices that occurred during one or more prior attacks is received. Based on the threat scenario and the attack pattern data, one or more courses of action for responding to the threat scenario is determined, and information associated with the one or more courses of action is provided.</description><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRICITY</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2017</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZDB0DXP1C1Fw9g8KcvVxDPH091NwdA7yDw5W8HANcQ3yd3f1c_UPDVbwD3ANAksH8zCwpiXmFKfyQmluBmU31xBnD93Ugvz41OKCxOTUvNSS-NBgIwNDc2NDCwNTA0dDY-JUAQAjZSfy</recordid><startdate>20171102</startdate><enddate>20171102</enddate><creator>Negm Walid</creator><creator>Mulchandani Shaan</creator><creator>Modi Shimon</creator><creator>Hassanzadeh Amin</creator><scope>EVB</scope></search><sort><creationdate>20171102</creationdate><title>EVENT CORRELATION ACROSS HETEROGENEOUS OPERATIONS</title><author>Negm Walid ; Mulchandani Shaan ; Modi Shimon ; Hassanzadeh Amin</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US2017318050A13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2017</creationdate><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRICITY</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Negm Walid</creatorcontrib><creatorcontrib>Mulchandani Shaan</creatorcontrib><creatorcontrib>Modi Shimon</creatorcontrib><creatorcontrib>Hassanzadeh Amin</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Negm Walid</au><au>Mulchandani Shaan</au><au>Modi Shimon</au><au>Hassanzadeh Amin</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>EVENT CORRELATION ACROSS HETEROGENEOUS OPERATIONS</title><date>2017-11-02</date><risdate>2017</risdate><abstract>Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network security threat response. A data structure that represents communication events between computing devices of two or more network domains is received. The data structure is analyzed and a threat scenario that is based on a chain of communication events that indicates a potential attack path is determined. The chain of communication events include a sequence of communication events between computing devices proceeding from an originating computing device to a destination computing device, wherein the originating computing device and the destination computing device exist on different network domains. Attack pattern data, for the threat scenario and from a threat intelligence data source, that is associated with communications between computing devices that occurred during one or more prior attacks is received. Based on the threat scenario and the attack pattern data, one or more courses of action for responding to the threat scenario is determined, and information associated with the one or more courses of action is provided.</abstract><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_epo_espacenet_US2017318050A1 |
| source | esp@cenet |
| subjects | ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION |
| title | EVENT CORRELATION ACROSS HETEROGENEOUS OPERATIONS |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-03T06%3A35%3A26IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Negm%20Walid&rft.date=2017-11-02&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2017318050A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |