NETWORK ACTIVITY IDENTIFICATION AND CHARACTERIZATION BASED ON CHARACTERISTIC ACTIVE DIRECTORY (AD) EVENT SEGMENTS

NETWORK ACTIVITY IDENTIFICATION AND CHARACTERIZATION BASED ON CHARACTERISTIC ACTIVE DIRECTORY (AD) EVENT SEGMENTS

A system and method of obtaining and utilizing an activity signature that is representative of a specific category of network activities based on directory service (DS) log data. The activity signature may be determining by a learning process, including segmenting and pruning a training dataset into...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Durairaj, Satheesh Kumar Joseph, Miskovic, Stanislav, Terzis, Dimitrios, Apostolopulous, George
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A system and method of obtaining and utilizing an activity signature that is representative of a specific category of network activities based on directory service (DS) log data. The activity signature may be determining by a learning process, including segmenting and pruning a training dataset into a plurality of event segments and matching them with activities based on DS log data of known activities. Once obtained, the activity signature can advantageously be utilized to analyze any DS log data and activities in actual deployment. Using activity signatures to analyze DS event log can reveal roles of event-collection machines, aggregate information dispersed across their component events to reveal actors involved in particular AD activities, augment visibility of DS by enabling various vantage points to better infer activities at other domain machines, and reveal macro activities so that logged information becomes easily interpretable to human analysts.