Using tunable metrics for iterative discovery of groups of alert types identifying complex multipart attacks with different properties


Detailed description

Bibliographic details
Author: Miskovic Stanislav
Format: Patent
Language: eng
description Tunable metrics are used for iterative discovery of groups of security alerts that identify complex, multipart attacks with different properties. Alerts generated by triggering signatures on originating computing devices are iteratively traversed, and different metrics corresponding to alerts and alert groups are calculated. The calculated metrics quantify the feasibility of the evaluation components (alerts and/or alert groups) for inclusion in tuples identifying multipart attacks with specific properties. Alerts and successively larger alert groups are iteratively joined into tuples, responsive to evaluation components meeting thresholds based on corresponding calculated metrics. Only those evaluation components that meet specific thresholds based on the calculated metrics are added to alert groups. Metrics are only calculated for those components that have met corresponding metric-based thresholds during prior iterations. Discovered tuples can be transmitted to multiple endpoint computing devices, where the tuples can be utilized as signatures to detect and defend against multipart attacks.
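The abstract describes an iterative, threshold-gated search: alerts are scored first, then successively larger alert groups are formed only from components that passed in the previous round, and metrics are computed only for those candidates. The Python program below is an added illustration of that pattern (Apriori-style candidate generation with subset pruning, followed by endpoint-side matching of the discovered tuples as signatures); it is not the patent's own implementation. The device names, signature IDs, the two metrics (support and lift) and the threshold values are constructed assumptions for the example.

```python
"""Iterative, threshold-gated discovery of alert-type tuples.

Added illustration of the scheme sketched in the abstract; it is not the
patent's implementation.  Device IDs, signature IDs, the two metrics and the
thresholds below are constructed for this example.
"""
from itertools import combinations
from math import prod
from typing import Dict, FrozenSet, List, Set, Tuple

AlertGroup = FrozenSet[str]

# Constructed sample: for each originating device, the signatures that fired
# during one observation window (hypothetical signature names).
DEVICE_ALERTS: Dict[str, Set[str]] = {
    "host-01": {"SIG_PHISH_ATTACH", "SIG_MACRO_EXEC", "SIG_C2_BEACON", "SIG_LSASS_READ"},
    "host-02": {"SIG_PHISH_ATTACH", "SIG_MACRO_EXEC", "SIG_C2_BEACON"},
    "host-03": {"SIG_PHISH_ATTACH", "SIG_MACRO_EXEC", "SIG_C2_BEACON", "SIG_LSASS_READ"},
    "host-04": {"SIG_PHISH_ATTACH", "SIG_MACRO_EXEC"},
    "host-05": {"SIG_PORTSCAN", "SIG_C2_BEACON"},
    "host-06": {"SIG_PORTSCAN"},
    "host-07": {"SIG_PHISH_ATTACH", "SIG_MACRO_EXEC", "SIG_C2_BEACON"},
    "host-08": {"SIG_PORTSCAN", "SIG_LSASS_READ"},
}


def support(group: AlertGroup, device_alerts: Dict[str, Set[str]]) -> float:
    """Metric 1: fraction of devices on which every alert type in the group fired."""
    hits = sum(1 for alerts in device_alerts.values() if group <= alerts)
    return hits / len(device_alerts)


def lift(group_support: float, group: AlertGroup, single_support: Dict[str, float]) -> float:
    """Metric 2: observed co-occurrence divided by what independent alerts would give."""
    expected = prod(single_support[a] for a in group)
    return group_support / expected if expected else 0.0


def discover_tuples(
    device_alerts: Dict[str, Set[str]], min_support: float, min_lift: float
) -> Tuple[Dict[AlertGroup, Tuple[float, float]], int]:
    """Grow alert groups one member per iteration, gated by the tunable thresholds.

    Returns (accepted groups -> (support, lift), number of metric evaluations).
    The evaluation count shows how much work the threshold gating saves.
    """
    evaluations = 0
    alert_types = sorted({a for alerts in device_alerts.values() for a in alerts})

    # Iteration 1: score every alert type on its own.
    single_support = {a: support(frozenset([a]), device_alerts) for a in alert_types}
    evaluations += len(alert_types)
    frontier = {frozenset([a]): (s, 1.0) for a, s in single_support.items() if s >= min_support}
    accepted: Dict[AlertGroup, Tuple[float, float]] = dict(frontier)

    k = 2
    while frontier:
        # Join accepted (k-1)-groups that differ in exactly one member into k-candidates.
        candidates = {g1 | g2 for g1, g2 in combinations(frontier, 2) if len(g1 | g2) == k}
        next_frontier: Dict[AlertGroup, Tuple[float, float]] = {}
        for cand in candidates:
            # Metrics are computed only when every (k-1)-subgroup passed in the
            # previous iteration; anything else is skipped without evaluation.
            if any(frozenset(sub) not in frontier for sub in combinations(cand, k - 1)):
                continue
            s = support(cand, device_alerts)
            evaluations += 1
            lf = lift(s, cand, single_support)
            if s >= min_support and lf >= min_lift:
                next_frontier[cand] = (s, lf)
        accepted.update(next_frontier)
        frontier = next_frontier
        k += 1
    return accepted, evaluations


def match_signatures(alerts: Set[str], signatures: Dict[AlertGroup, Tuple[float, float]]) -> List[AlertGroup]:
    """Endpoint side: which discovered multi-alert tuples are fully present, largest first."""
    hits = [g for g in signatures if len(g) >= 2 and g <= alerts]
    return sorted(hits, key=lambda g: (-len(g), sorted(g)))


if __name__ == "__main__":
    for min_lift in (1.0, 1.5):
        tuples, evals = discover_tuples(DEVICE_ALERTS, min_support=0.4, min_lift=min_lift)
        print(f"min_support=0.4 min_lift={min_lift}: {len(tuples)} tuples after {evals} metric evaluations")
        for group, (s, lf) in sorted(tuples.items(), key=lambda kv: (len(kv[0]), sorted(kv[0]))):
            print(f"  {sorted(group)} support={s:.3f} lift={lf:.3f}")
    # A new device whose alerts contain a discovered tuple is flagged by the largest match.
    tuples, _ = discover_tuples(DEVICE_ALERTS, min_support=0.4, min_lift=1.0)
    new_device = {"SIG_PHISH_ATTACH", "SIG_MACRO_EXEC", "SIG_C2_BEACON", "SIG_PORTSCAN"}
    print("matches on new device:", [sorted(g) for g in match_signatures(new_device, tuples)])
```

With `min_support=0.4` the two rarer signatures are dropped in the first round, so of the 31 possible non-empty groups only 9 ever have their metrics computed; raising `min_lift` to 1.5 additionally stops growth at the pair level, which is the tunability the abstract refers to. The `match_signatures` step stands in for the distributed use of the tuples; the tuples themselves carry no ordering or timing constraint in this example, so a real deployment would need to decide how strictly the tuple must match.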
Publication number: US9871810B1
Publication date: 2018-01-16
Full record (European Patent Office, esp@cenet): https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20180116&DB=EPODOC&CC=US&NR=9871810B1
recordid cdi_epo_espacenet_US9871810B1
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-20T00%3A44%3A25IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Miskovic%20Stanislav&rft.date=2018-01-16&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS9871810B1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true