Discovery of groupings of security alert types and corresponding complex multipart attacks, from analysis of massive security telemetry
Abstract
Alerts generated by triggering signatures on endpoints are identified in samples of security telemetry. The sources of alerts are filtered. Alert tuples identifying multipart attacks are discovered. An iterative multi-pass search of alert types generated by filtered sources can be conducted. During each pass, groups of successively larger numbers of alert types generated by common sources are identified. A list of alert types can be sorted according to the number of filtered sources that generated each alert type, from most to least. Pairs of alert types with multiple common sources can be identified by traversing the sorted list of alert types. The sorted list can be iteratively traversed, identifying successive additional alert types to add to previously identified groupings, which are used as seed groups for successive identifications. Only the portion of the sorted list appearing after the last added alert type need be examined for successive identifications.
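The abstract describes what amounts to a bottom-up frequent-itemset search over alert types: sort by source count, seed with pairs, then grow each seed by one alert type per pass while only scanning past the last type added. The Python below is an added illustration of that search on constructed telemetry, not code from the patent or its assignee; the source filter (drop endpoints that fired a single alert type), the min_common threshold and every host and alert-type name are assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry: (endpoint, triggered alert type). Hostnames and
# alert type names are hypothetical; hosts a, b and d show the same three-part chain.
TELEMETRY = [
    ("host-a", "phish-attach"), ("host-a", "macro-exec"), ("host-a", "c2-beacon"),
    ("host-b", "phish-attach"), ("host-b", "macro-exec"), ("host-b", "c2-beacon"),
    ("host-c", "phish-attach"), ("host-c", "macro-exec"),
    ("host-d", "phish-attach"), ("host-d", "macro-exec"), ("host-d", "c2-beacon"),
    ("host-e", "port-scan"), ("host-f", "port-scan"), ("host-f", "c2-beacon"),
    ("host-g", "adware"),
]

def filter_sources(telemetry, min_types=2):
    # Assumed filter: a source that fired only one alert type cannot belong to a grouping.
    by_source = defaultdict(set)
    for src, alert in telemetry:
        by_source[src].add(alert)
    return {s: a for s, a in by_source.items() if len(a) >= min_types}

def sorted_alert_types(by_source):
    # Alert type -> set of filtered sources, ordered from most to fewest sources.
    sources_of = defaultdict(set)
    for src, alerts in by_source.items():
        for alert in alerts:
            sources_of[alert].add(src)
    order = sorted(sources_of, key=lambda a: (-len(sources_of[a]), a))
    return order, sources_of

def discover_groups(telemetry, min_common=2):
    # Returns {tuple of alert types: frozenset of common sources} for every grouping.
    order, sources_of = sorted_alert_types(filter_sources(telemetry))
    frontier = []  # first pass: pairs sharing at least min_common sources
    for i, a in enumerate(order):
        for j in range(i + 1, len(order)):
            common = sources_of[a] & sources_of[order[j]]
            if len(common) >= min_common:
                frontier.append(((a, order[j]), common, j))
    found = list(frontier)
    while frontier:  # each pass grows the previous pass's groups by one alert type
        grown = []
        for types, common, last in frontier:
            for j in range(last + 1, len(order)):  # only look past the last added type
                narrowed = common & sources_of[order[j]]
                if len(narrowed) >= min_common:
                    grown.append((types + (order[j],), narrowed, j))
        found.extend(grown)
        frontier = grown
    return {types: frozenset(common) for types, common, _ in found}
```

Because each seed only scans the sorted list past its last added type, the triple is emitted once as (c2-beacon, macro-exec, phish-attach) rather than once per ordering, which is what keeps the multi-pass search tractable on large telemetry.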