COMPUTER SECURITY ATTACK DETECTION USING DISTRIBUTION DEPARTURE

COMPUTER SECURITY ATTACK DETECTION USING DISTRIBUTION DEPARTURE

Described technologies automatically detect computing system security attacks. Departure of occurrence distributions, which are based on leading digit(s) of digital item occurrence data, from model distributions that correspond to particular data sources, indicates a presence likelihood for particul...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: IWANIR, Elad, GABAEV, Yuri, TAMIR, Gal
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Described technologies automatically detect computing system security attacks. Departure of occurrence distributions, which are based on leading digit(s) of digital item occurrence data, from model distributions that correspond to particular data sources, indicates a presence likelihood for particular attack types. Some model distributions exhibit Benford's Phenomenon. Described mechanisms detect security attack types such as ransomware, bitcoin mining, and others, using particular corresponding data sources such as file extensions, processor statistics, etc. Mechanisms detect security attacks without a captured baseline of healthy normal behavior, and without relying on malware code signatures. When an item occurrence distribution departs from a model distribution by at least a predefined degree, the technology electronically raises a security attack alert. Then countermeasures may be asserted for a possible type X security attack on the computing system. Countermeasures may include more computationally intensive tests for determining the precise extent or precise nature of an attack, for instance.