COMPUTER SECURITY ATTACK DETECTION USING DISTRIBUTION DEPARTURE

Described technologies automatically detect computing system security attacks. Departure of occurrence distributions, which are based on leading digit(s) of digital item occurrence data, from model distributions that correspond to particular data sources, indicates a presence likelihood for particul...

Detailed description

Bibliographic details
Main authors: IWANIR, Elad, GABAEV, Yuri, TAMIR, Gal
Format: Patent
Language: eng
Online access: Order full text
creator IWANIR, Elad
GABAEV, Yuri
TAMIR, Gal
description Described technologies automatically detect computing system security attacks. Departure of occurrence distributions, which are based on leading digit(s) of digital item occurrence data, from model distributions that correspond to particular data sources, indicates a presence likelihood for particular attack types. Some model distributions exhibit Benford's Phenomenon. Described mechanisms detect security attack types such as ransomware, bitcoin mining, and others, using particular corresponding data sources such as file extensions, processor statistics, etc. Mechanisms detect security attacks without a captured baseline of healthy normal behavior, and without relying on malware code signatures. When an item occurrence distribution departs from a model distribution by at least a predefined degree, the technology electronically raises a security attack alert. Then countermeasures may be asserted for a possible type X security attack on the computing system. Countermeasures may include more computationally intensive tests for determining the precise extent or precise nature of an attack, for instance.
format Patent
date 2018-09-27
linktohtml https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20180927&DB=EPODOC&CC=US&NR=2018278647A1
language eng
recordid cdi_epo_espacenet_US2018278647A1
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
title COMPUTER SECURITY ATTACK DETECTION USING DISTRIBUTION DEPARTURE
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-02T04%3A39%3A21IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=IWANIR,%20Elad&rft.date=2018-09-27&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2018278647A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true