专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2017171954A1 SYSTEMS AND METHODS FOR DETECTING SECURITY THREATS 审中-公开
标题翻译：用于检测安全威胁的系统和方法
公开(公告)号：WO2017171954A1
公开(公告)日：2017-10-05
申请号：PCT/US2016/069027
申请日：2016-12-28
申请人： SYMANTEC CORPORATION
发明人： ROUNDY, Kevin Alejandro , HART, Michael , GATES, Christopher
IPC分类号： H04L29/06 , G06F21/55
摘要： The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：所公开的用于检测安全威胁的计算机实现的方法可以包括（1）由软件安全程序检测客户端设备处的安全事件，使得软件安全程序生成签名报告以识别（2）用签名报告查询关联数据库以推导出另一个签名报告，即另一个软件安全程序将在客户端设备处预测地产生，不同的软件安全程序一次在客户端设备处不可用（3）基于通过查询关联数据库推导出的另一个签名报告来执行至少一个保护动作以保护客户端设备免受与安全事件相关联的安全威胁。还公开了各种其他方法，系统和计算机可读介质。

2. 发明申请

WO2017058313A1 DETECTION OF SECURITY INCIDENTS WITH LOW CONFIDENCE SECURITY EVENTS 审中-公开
标题翻译：检测安全事故低安全事件
公开(公告)号：WO2017058313A1
公开(公告)日：2017-04-06
申请号：PCT/US2016/038499
申请日：2016-06-21
申请人： SYMANTEC CORPORATION
发明人： ROUNDY, Kevin Alejandro , SPERTUS, Michael
IPC分类号： G06F21/55 , H04L29/06 , H04L12/24
CPC分类号： H04L63/1433 , G06F21/552 , G06F21/554 , H04L41/0604 , H04L63/1416 , H04L63/1425
摘要： Techniques are disclosed for detecting security incidents based on low confidence security events. A security management server aggregates a collection of security events received from logs from one or more devices. The security management server evaluates the collection of security events based on a confidence score assigned to each distinct type of security event. Each confidence score indicates a likelihood that a security incident has occurred. The security management server determines, based on the confidence scores, at least one threshold for determining when to report an occurrence of a security incident from the collection of security events. Upon determining that at least one security event of the collection has crossed the at least one threshold, the security management server reports the occurrence of the security incident to an analyst.
摘要翻译：公开了基于低置信度安全事件来检测安全事件的技术。安全管理服务器聚合从一个或多个设备的日志接收的一组安全事件。安全管理服务器根据分配给每个不同类型的安全事件的置信度评估安全事件的收集。每个置信度分数都表明发生安全事件的可能性。安全管理服务器基于置信度得分确定至少一个阈值，用于确定何时从安全事件的收集中报告安全事件的发生。在确定所述集合的至少一个安全事件已经超过所述至少一个阈值时，所述安全管理服务器向所述分析者报告所述安全事件的发生。

3. 发明申请

WO2016061038A1 SYSTEMS AND METHODS FOR CLASSIFYING SECURITY EVENTS AS TARGETED ATTACKS 审中-公开
标题翻译：将安全事件分类为有针对性的攻击的系统和方法
公开(公告)号：WO2016061038A1
公开(公告)日：2016-04-21
申请号：PCT/US2015/055228
申请日：2015-10-13
申请人： SYMANTEC CORPORATION
发明人： ROUNDY, Kevin Alejandro , BHATKAR, Sandeep
IPC分类号： G06F21/55
CPC分类号： G06F21/554 , G06F21/55 , H04L63/1416
摘要： The disclosed computer-implemented method for classifying security events as targeted attacks may include (1) detecting a security event in connection with at least one organization, (2) comparing the security event against a targeted-attack taxonomy that identifies a plurality of characteristics of targeted attacks, (3) determining that the security event is likely targeting the organization based at least in part on comparing the security event against the targeted-attack taxonomy, and then in response to determining that the security event is likely targeting the organization, (4) classifying the security event as a targeted attack. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于将安全事件分类为目标攻击的公开的计算机实现的方法可以包括（1）检测与至少一个组织有关的安全事件，（2）将安全事件与标识多个特征的目标攻击分类法进行比较（3）至少部分地基于将安全事件与目标攻击分类法进行比较，确定安全事件可能针对组织，然后响应于确定安全事件可能针对组织（（ 4）将安全事件分类为有针对性的攻击。还公开了各种其它方法，系统和计算机可读介质。

4. 发明申请

WO2015035559A1 SYSTEMS AND METHODS FOR USING EVENT-CORRELATION GRAPHS TO DETECT ATTACKS ON COMPUTING SYSTEMS 审中-公开
标题翻译：使用事件相关图来检测计算机系统的攻击的系统和方法
公开(公告)号：WO2015035559A1
公开(公告)日：2015-03-19
申请号：PCT/CN2013/083228
申请日：2013-09-10
申请人： SYMANTEC CORPORATION
发明人： ROUNDY, Kevin Alejandro , GUO, Fanglu , BHATKAR, Sandeep , CHENG, Tao , FU, Jie , LI, Zhi Kai , SHOU, Darren , SAWHNEY, Sanjay , TAMERSOY, Acar , KHALIL, Elias
IPC分类号： G06F21/56
CPC分类号： G06F21/55 , G06F21/577 , H04L63/1425 , H04L63/1433
摘要： A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于使用事件相关图来检测对计算系统的攻击的计算机实现的方法可以包括（1）检测涉及计算系统内的第一actor的可疑事件，（2）构建事件相关图，其包括第一节点，代表第一演员，表示第二演员的第二节点和互连第一节点和第二节点并且表示涉及第一演员和第二演员的可疑事件的边缘，（3）至少部分地计算关于附加的可疑事件，事件相关图的攻击得分，（4）确定攻击得分大于预定阈值，以及（5）至少部分地基于攻击得分大于预定阈值，可疑事件可能是对计算系统的攻击的一部分。还公开了各种其它方法，系统和计算机可读介质。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式