
Discovery of groupings of security alert types and corresponding complex multipart attacks, from analysis of massive security telemetry


Abstract

Alerts generated by triggering signatures on endpoints are identified in samples of security telemetry. The sources (endpoints) that generated the alerts are filtered. Alert tuples that identify multipart attacks are then discovered by an iterative, multi-pass search over the alert types generated by the filtered sources. During each pass, groups of successively larger numbers of alert types generated by common sources are identified. A list of alert types can be sorted according to the number of filtered sources that generated each alert type, from most to least. Pairs of alert types with multiple common sources can be identified by traversing the sorted list of alert types. The sorted list can then be traversed iteratively, identifying successive additional alert types to add to previously identified groupings, which serve as seed groups for the next identification. Only the portion of the sorted list appearing after the last added alert type need be examined for each successive identification.
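The search described in the abstract can be illustrated with a small worked example. The following Python is an added illustration written for this page, not code from the patent or from Symantec: the telemetry (a mapping from endpoint to the set of alert types it generated), the filtering rule (keep endpoints that raised at least two distinct alert types), and the "multiple common sources" threshold of two are all constructed assumptions. It sorts alert types by how many filtered endpoints generated them, finds pairs with enough common sources, then repeatedly extends each seed group by scanning only the part of the sorted list after the group's last member, which is what keeps the search from revisiting the same grouping twice.

```python
from collections import defaultdict
from itertools import islice

# Constructed sample telemetry: endpoint -> set of alert types (signature names)
# that fired on it. Labels A..E stand in for real signature identifiers.
SAMPLE_TELEMETRY = {
    "host-01": {"A", "B", "C"},
    "host-02": {"A", "B", "C", "D"},
    "host-03": {"A", "B", "D"},
    "host-04": {"A", "C"},
    "host-05": {"B", "C", "A"},
    "host-06": {"E"},
    "host-07": {"A", "E"},
}


def filter_sources(telemetry, min_alerts=2):
    """Assumed filtering rule: keep only endpoints that raised at least
    `min_alerts` distinct alert types (a single alert cannot be multipart)."""
    return {src: types for src, types in telemetry.items() if len(types) >= min_alerts}


def index_by_alert_type(filtered):
    """Invert the telemetry: alert type -> set of filtered sources that raised it."""
    index = defaultdict(set)
    for src, types in filtered.items():
        for alert_type in types:
            index[alert_type].add(src)
    return index


def sorted_alert_types(index):
    """Sort alert types by number of generating sources, most to least.
    Ties are broken by name so the order (and thus the grouping keys) is stable."""
    return sorted(index, key=lambda t: (-len(index[t]), t))


def discover_groups(telemetry, min_common=2, min_alerts=2):
    """Multi-pass search for tuples of alert types sharing >= min_common sources.

    Returns (sorted_order, groups) where groups maps an alert-type tuple
    (in sorted-list order) to the set of common sources that raised all of them.
    """
    filtered = filter_sources(telemetry, min_alerts)
    index = index_by_alert_type(filtered)
    order = sorted_alert_types(index)
    position = {t: i for i, t in enumerate(order)}

    # Pass 1: traverse the sorted list and keep pairs with enough common sources.
    seeds = {}
    for i, first in enumerate(order):
        for second in islice(order, i + 1, None):
            common = index[first] & index[second]
            if len(common) >= min_common:
                seeds[(first, second)] = common

    groups = dict(seeds)
    # Passes 2..n: grow each seed by one alert type. Only candidates that appear
    # after the group's last member in the sorted list need to be examined; any
    # earlier candidate would already have been tried from a different seed.
    while seeds:
        grown = {}
        for group, common in seeds.items():
            start = position[group[-1]] + 1
            for candidate in islice(order, start, None):
                new_common = common & index[candidate]
                if len(new_common) >= min_common:
                    grown[group + (candidate,)] = new_common
        groups.update(grown)
        seeds = grown  # the newly grown groups seed the next pass
    return order, groups


def maximal_groups(groups):
    """Groups not strictly contained (as sets of alert types) in another group;
    these are the natural candidates for a complex multipart attack."""
    keys = list(groups)
    return {
        g for g in keys
        if not any(set(g) < set(other) for other in keys)
    }


if __name__ == "__main__":
    order, groups = discover_groups(SAMPLE_TELEMETRY)
    print("sorted alert types:", order)
    for group, sources in sorted(groups.items(), key=lambda kv: (len(kv[0]), kv[0])):
        print(group, "common sources:", sorted(sources))
    print("maximal groups:", sorted(maximal_groups(groups)))
```

On the constructed sample the sorted list is A, B, C, D, E (E drops out of every grouping because only one filtered endpoint raised it), the pair pass yields (A,B), (A,C), (A,D), (B,C) and (B,D), the second pass grows (A,B) into (A,B,C) and (A,B,D), and the third pass finds nothing further. The set of common sources attached to each tuple is what an analyst would pivot to when validating whether the grouping is one campaign or a coincidence of noisy signatures.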

Bibliographic data

  • Publication number: US10178109B1
  • Publication date: 2019-01-08
  • Original format: PDF
  • Applicant/assignee: SYMANTEC CORPORATION
  • Application number: US201615088001
  • Inventor: STANISLAV MISKOVIC
  • Filing date: 2016-03-31
  • Classification: H04L29/06; H04L12/26
  • Country: US
  • Date added to database: 2022-08-21 12:04:12
