INTRUSION DETECTION BASED ON IMPLICIT ACTIVE LEARNING
A computer-implemented method comprising: automatically monitoring a honeypot trap environment, to capture activity data within the honeypot trap environment, wherein the honeypot trap environment comprises a plurality of software and hardware resources that are intended to attract attempts at unaut...
Gespeichert in:
| Hauptverfasser: | , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | A computer-implemented method comprising: automatically monitoring a honeypot trap environment, to capture activity data within the honeypot trap environment, wherein the honeypot trap environment comprises a plurality of software and hardware resources that are intended to attract attempts at unauthorized use of the honeypot trap environment; automatically extracting, from the captured activity data, a plurality of attributes representing entities, events, and relations between the entities and events; automatically applying an analytics suite to identify specific combinations of the attributes as representing a likelihood of being associated with an unauthorized intrusion attempt into the honeypot environment; automatically assigning a risk score to each of the specific combinations, wherein the risk score reflect the likelihood of being associated with an unauthorized intrusion attempt into the honeypot environment; and automatically generating at least one security rule for an intrusion detection and prevention system, based on at least one of the specific combinations. |
|---|