CN107430535B - A method for performing threat detection and computer-readable medium - Google Patents

A method for performing threat detection and computer-readable medium

Info

Publication number
CN107430535B
CN107430535B (application CN201680015075.4A)
Authority
CN
China
Prior art keywords
threat
data
panel
indicator
event data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201680015075.4A
Other languages
English (en)
Chinese (zh)
Other versions
CN107430535A (zh)
Inventor
黄炜
周一峥
H·恩杰曼泽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anomali Inc
Original Assignee
Anomali Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anomali Inc
Publication of CN107430535A
Application granted
Publication of CN107430535B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computer And Data Communications (AREA)
  • Alarm Systems (AREA)
  • Debugging And Monitoring (AREA)
CN201680015075.4A 2015-01-30 2016-01-27 A method for performing threat detection and computer-readable medium Active CN107430535B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201562109862P 2015-01-30 2015-01-30
US62/109,862 2015-01-30
US15/007,131 US10230742B2 (en) 2015-01-30 2016-01-26 Space and time efficient threat detection
US15/007,131 2016-01-26
PCT/US2016/015167 WO2016123238A1 (en) 2015-01-30 2016-01-27 Space and time efficient threat detection

Publications (2)

Publication Number Publication Date
CN107430535A CN107430535A (zh) 2017-12-01
CN107430535B CN107430535B (zh) 2020-09-11

Family

ID=56544287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680015075.4A Active CN107430535B (zh) 2015-01-30 2016-01-27 A method for performing threat detection and computer-readable medium

Country Status (7)

Country Link
US (2) US10230742B2 (en)
EP (1) EP3251010B1 (en)
JP (1) JP6723267B2 (en)
CN (1) CN107430535B (en)
CA (1) CA2974708C (en)
MX (1) MX376120B (en)
WO (1) WO2016123238A1 (en)

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9866576B2 (en) 2015-04-17 2018-01-09 Centripetal Networks, Inc. Rule-based network-threat detection
US10366229B2 (en) 2016-06-20 2019-07-30 Jask Labs Inc. Method for detecting a cyber attack
EP3291120B1 (en) * 2016-09-06 2021-04-21 Accenture Global Solutions Limited Graph database analysis for network anomaly detection systems
US10673880B1 (en) 2016-09-26 2020-06-02 Splunk Inc. Anomaly detection to identify security threats
US10462170B1 (en) * 2016-11-21 2019-10-29 Alert Logic, Inc. Systems and methods for log and snort synchronized threat detection
JP6932779B2 (ja) * 2016-11-23 2021-09-08 Line株式会社 Method and system for verifying whether a detection result is valid
US10469509B2 (en) * 2016-12-29 2019-11-05 Chronicle Llc Gathering indicators of compromise for security threat detection
US11075987B1 (en) * 2017-06-12 2021-07-27 Amazon Technologies, Inc. Load estimating content delivery network
US10503899B2 (en) 2017-07-10 2019-12-10 Centripetal Networks, Inc. Cyberanalysis workflow acceleration
US11030308B2 (en) * 2017-08-09 2021-06-08 Nec Corporation Inter-application dependency analysis for improving computer system threat detection
JP7105096B2 (ja) * 2018-04-18 2022-07-22 株式会社日立システムズ Threat information sharing system and method among multiple organizations
US11709946B2 (en) 2018-06-06 2023-07-25 Reliaquest Holdings, Llc Threat mitigation system and method
US11528287B2 (en) 2018-06-06 2022-12-13 Reliaquest Holdings, Llc Threat mitigation system and method
GB201810294D0 (en) * 2018-06-22 2018-08-08 Senseon Tech Ltd Cyber defence system
US11063967B2 (en) 2018-07-03 2021-07-13 The Boeing Company Network threat indicator extraction and response
US10936488B1 (en) * 2018-08-31 2021-03-02 Splunk Inc. Incident response in an information technology environment using cached data from external services
CN110929187A (zh) * 2018-09-18 2020-03-27 北京数安鑫云信息技术有限公司 Threat event visualization display method, apparatus, storage device and computer equipment
US11228603B1 (en) * 2018-09-27 2022-01-18 Juniper Networks, Inc. Learning driven dynamic threat treatment for a software defined networking environment
CN111027056A (zh) * 2019-01-31 2020-04-17 哈尔滨安天科技集团股份有限公司 Method, apparatus and storage medium for graphically displaying security threat events
US11831669B2 (en) * 2019-02-14 2023-11-28 Raytheon Bbn Technologies Corp. Systems and methods for evaluating cyber assets
WO2021050544A1 (en) * 2019-09-09 2021-03-18 Reliaquest Holdings, Llc Threat mitigation system and method
US11983186B2 (en) * 2019-10-23 2024-05-14 Honeywell International Inc. Predicting potential incident event data structures based on multi-modal analysis
CN110737890B (zh) * 2019-10-25 2021-04-02 中国科学院信息工程研究所 Insider threat detection system and method based on heterogeneous temporal event embedding learning
CN113328976B (zh) * 2020-02-28 2022-11-22 华为技术有限公司 Security threat event identification method, apparatus and device
US11368469B2 (en) 2020-06-22 2022-06-21 Google Llc Preventing data manipulation and protecting user privacy in determining accurate location event measurements
EP3955140A1 (en) * 2020-08-10 2022-02-16 Magnet Forensics Inc. Systems and methods for cloud-based collection and processing of digital forensic evidence
CN112202764B (zh) * 2020-09-28 2023-05-19 中远海运科技股份有限公司 Network attack chain visualization system, method and server
JP7408530B2 (ja) * 2020-11-13 2024-01-05 株式会社日立製作所 Security management system and security management method
US11374898B1 (en) * 2020-12-14 2022-06-28 Lenovo (Singapore) Pte. Ltd. Use of partial hash of domain name to return IP address associated with the domain name
CN112667629A (zh) * 2020-12-22 2021-04-16 互联网域名系统北京市工程研究中心有限公司 Bloom filter-based threat detection method and system
CN115087978B (zh) * 2021-01-15 2023-08-01 谷歌有限责任公司 Cross-domain frequency filter for fraud detection
WO2023034638A1 (en) * 2021-09-03 2023-03-09 Open Text Holdings, Inc. Systems and methods for asset based event prioritization for remote endpoint security
US12432244B2 (en) * 2022-03-24 2025-09-30 At&T Intellectual Property I, L.P. Home gateway monitoring for vulnerable home internet of things devices
US12231450B2 (en) 2022-04-22 2025-02-18 Anomali Inc. Efficient management of complex attack surfaces

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571812A (zh) * 2011-12-31 2012-07-11 成都市华为赛门铁克科技有限公司 Network threat tracking and identification method and apparatus
US8332947B1 (en) * 2006-06-27 2012-12-11 Symantec Corporation Security threat reporting in light of local security tools
US8631330B1 (en) * 2009-08-16 2014-01-14 Bitdefender IPR Management Ltd. Security application graphical user interface customization systems and methods
CN103999091A (zh) * 2011-12-29 2014-08-20 迈可菲公司 Geo-mapping system security events

Family Cites Families (72)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004019186A2 (en) * 2002-08-26 2004-03-04 Guardednet, Inc. Determining threat level associated with network activity
US20050193429A1 (en) * 2004-01-23 2005-09-01 The Barrier Group Integrated data traffic monitoring system
US8239669B2 (en) * 2004-03-17 2012-08-07 Telecommunication Systems, Inc. Reach-back communications terminal with selectable networking options
US7784097B1 (en) * 2004-11-24 2010-08-24 The Trustees Of Columbia University In The City Of New York Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems
WO2006071985A2 (en) * 2004-12-29 2006-07-06 Alert Logic, Inc. Threat scoring system and method for intrusion detection security networks
US7624448B2 (en) * 2006-03-04 2009-11-24 21St Century Technologies, Inc. Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data
US7530105B2 (en) * 2006-03-21 2009-05-05 21St Century Technologies, Inc. Tactical and strategic attack detection and prediction
US20080047009A1 (en) * 2006-07-20 2008-02-21 Kevin Overcash System and method of securing networks against applications threats
US20080148398A1 (en) * 2006-10-31 2008-06-19 Derek John Mezack System and Method for Definition and Automated Analysis of Computer Security Threat Models
US8707431B2 (en) * 2007-04-24 2014-04-22 The Mitre Corporation Insider threat detection
US9336385B1 (en) * 2008-02-11 2016-05-10 Adaptive Cyber Security Instruments, Inc. System for real-time threat detection and management
US8595282B2 (en) * 2008-06-30 2013-11-26 Symantec Corporation Simplified communication of a reputation score for an entity
US8286239B1 (en) 2008-07-24 2012-10-09 Zscaler, Inc. Identifying and managing web risks
US8095964B1 (en) * 2008-08-29 2012-01-10 Symantec Corporation Peer computer based threat detection
US8060936B2 (en) * 2008-10-21 2011-11-15 Lookout, Inc. Security status and information display system
US8347386B2 (en) * 2008-10-21 2013-01-01 Lookout, Inc. System and method for server-coupled malware prevention
US9231964B2 (en) * 2009-04-14 2016-01-05 Microsoft Corporation Vulnerability detection based on aggregated primitives
US8239668B1 (en) * 2009-04-15 2012-08-07 Trend Micro Incorporated Computer security threat data collection and aggregation with user privacy protection
JP5559306B2 (ja) * 2009-04-24 2014-07-23 アルグレス・インコーポレイテッド Enterprise information security management software for predictive modeling using interactive graphs
US10027711B2 (en) * 2009-11-20 2018-07-17 Alert Enterprise, Inc. Situational intelligence
US8806620B2 (en) * 2009-12-26 2014-08-12 Intel Corporation Method and device for managing security events
US8468599B2 (en) * 2010-09-20 2013-06-18 Sonalysts, Inc. System and method for privacy-enhanced cyber data fusion using temporal-behavioral aggregation and analysis
US9032521B2 (en) * 2010-10-13 2015-05-12 International Business Machines Corporation Adaptive cyber-security analytics
ES2442747T3 (es) * 2011-02-10 2014-02-13 Telefónica, S.A. Method and system for improving the detection of security threats in communication networks
WO2012109633A2 (en) * 2011-02-11 2012-08-16 Achilles Guard, Inc. D/B/A Critical Watch Security countermeasure management platform
US10356106B2 (en) * 2011-07-26 2019-07-16 Palo Alto Networks (Israel Analytics) Ltd. Detecting anomaly action within a computer network
US20130074143A1 (en) * 2011-09-15 2013-03-21 Mcafee, Inc. System and method for real-time customized threat protection
US9686293B2 (en) * 2011-11-03 2017-06-20 Cyphort Inc. Systems and methods for malware detection and mitigation
KR101575282B1 (ko) * 2011-11-28 2015-12-09 한국전자통신연구원 Agent device and method for sharing anonymous-identifier-based security information between security management domains
US9971896B2 (en) 2011-12-30 2018-05-15 International Business Machines Corporation Targeted security testing
US9710644B2 (en) * 2012-02-01 2017-07-18 Servicenow, Inc. Techniques for sharing network security event information
KR101570946B1 (ko) 2012-02-15 2015-11-20 엠파이어 테크놀로지 디벨롭먼트 엘엘씨 Contextual usage and expiration of digital content
EP2831842A4 (en) * 2012-03-26 2016-03-23 Tata Consultancy Services Ltd Participatory surveillance based on localization triggered by events
KR101868893B1 (ko) * 2012-07-09 2018-06-19 한국전자통신연구원 Network security situation visualization method and apparatus
US9392003B2 (en) * 2012-08-23 2016-07-12 Raytheon Foreground Security, Inc. Internet security cyber threat reporting system and method
PL2926308T3 (pl) * 2012-11-28 2020-01-31 Telefónica Germany GmbH & Co. OHG Method of anonymization by transmitting a data set between different entities
EP2866484B1 (en) * 2013-10-24 2018-10-10 Telefónica Germany GmbH & Co. OHG A method for anonymization of data collected within a mobile communication network
US9378361B1 (en) * 2012-12-31 2016-06-28 Emc Corporation Anomaly sensor framework for detecting advanced persistent threat attacks
WO2014143012A1 (en) * 2013-03-15 2014-09-18 Mcafee, Inc. Remote malware remediation
US9904893B2 (en) * 2013-04-02 2018-02-27 Patternex, Inc. Method and system for training a big data machine to defend
US20140337974A1 (en) * 2013-04-15 2014-11-13 Anupam Joshi System and method for semantic integration of heterogeneous data sources for context aware intrusion detection
WO2014179805A1 (en) * 2013-05-03 2014-11-06 Webroot Inc. Method and apparatus for providing forensic visibility into systems and networks
WO2015009296A1 (en) * 2013-07-17 2015-01-22 Hewlett-Packard Development Company, L.P. Event management system
US8826434B2 (en) * 2013-07-25 2014-09-02 Splunk Inc. Security threat detection based on indications in big data of access to newly registered domains
US8752178B2 (en) * 2013-07-31 2014-06-10 Splunk Inc. Blacklisting and whitelisting of security-related events
EP3053074A4 (en) * 2013-09-30 2017-04-05 Hewlett-Packard Enterprise Development LP Hierarchical threat intelligence
US9392007B2 (en) * 2013-11-04 2016-07-12 Crypteia Networks S.A. System and method for identifying infected networks and systems from unknown attacks
US10296761B2 (en) * 2013-11-22 2019-05-21 The Trustees Of Columbia University In The City Of New York Database privacy protection devices, methods, and systems
GB2520987B (en) * 2013-12-06 2016-06-01 Cyberlytic Ltd Using fuzzy logic to assign a risk level profile to a potential cyber threat
US9692789B2 (en) * 2013-12-13 2017-06-27 Oracle International Corporation Techniques for cloud security monitoring and threat intelligence
US10367827B2 (en) * 2013-12-19 2019-07-30 Splunk Inc. Using network locations obtained from multiple threat lists to evaluate network data or machine data
US10289838B2 (en) * 2014-02-21 2019-05-14 Entit Software Llc Scoring for threat observables
US9338181B1 (en) * 2014-03-05 2016-05-10 Netflix, Inc. Network security system with remediation based on value of attacked assets
EP3132569A4 (en) * 2014-04-18 2017-12-06 EntIT Software LLC Rating threat submitter
US10447733B2 (en) * 2014-06-11 2019-10-15 Accenture Global Services Limited Deception network system
US9794279B2 (en) * 2014-06-11 2017-10-17 Accenture Global Services Limited Threat indicator analytics system
US10469514B2 (en) * 2014-06-23 2019-11-05 Hewlett Packard Enterprise Development Lp Collaborative and adaptive threat intelligence for computer security
US10212176B2 (en) * 2014-06-23 2019-02-19 Hewlett Packard Enterprise Development Lp Entity group behavior profiling
US10902468B2 (en) * 2014-06-23 2021-01-26 Board Of Regents, The University Of Texas System Real-time, stream data information integration and analytics system
US20160191558A1 (en) * 2014-12-23 2016-06-30 Bricata Llc Accelerated threat mitigation system
US9565204B2 (en) * 2014-07-18 2017-02-07 Empow Cyber Security Ltd. Cyber-security system and methods thereof
WO2016014014A1 (en) * 2014-07-21 2016-01-28 Hewlett-Packard Development Company, L.P. Remedial action for release of threat data
US9596266B1 (en) * 2014-07-23 2017-03-14 Lookingglass Cyber Solutions, Inc. Apparatuses, methods and systems for a real-time cyber threat indicator verification mechanism
US11122058B2 (en) * 2014-07-23 2021-09-14 Seclytics, Inc. System and method for the automated detection and prediction of online threats
WO2016018382A1 (en) * 2014-07-31 2016-02-04 Hewlett-Packard Development Company, L.P. Creating a security report for a customer network
GB2529150B (en) * 2014-08-04 2022-03-30 Darktrace Ltd Cyber security
US10382454B2 (en) * 2014-09-26 2019-08-13 Mcafee, Llc Data mining algorithms adopted for trusted execution environment
US20160191549A1 (en) * 2014-10-09 2016-06-30 Glimmerglass Networks, Inc. Rich metadata-based network security monitoring and analysis
CA2934311C (en) * 2014-10-21 2017-06-13 Robert L. Grossman Cybersecurity system
US10574675B2 (en) * 2014-12-05 2020-02-25 T-Mobile Usa, Inc. Similarity search for discovering multiple vector attacks
US9699209B2 (en) * 2014-12-29 2017-07-04 Cyence Inc. Cyber vulnerability scan analyses with actionable feedback
WO2016115266A1 (en) * 2015-01-14 2016-07-21 Niara, Inc. System, apparatus and method for anonymizing data prior to threat detection analysis

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8332947B1 (en) * 2006-06-27 2012-12-11 Symantec Corporation Security threat reporting in light of local security tools
US8631330B1 (en) * 2009-08-16 2014-01-14 Bitdefender IPR Management Ltd. Security application graphical user interface customization systems and methods
CN103999091A (zh) * 2011-12-29 2014-08-20 迈可菲公司 Geo-mapping system security events
CN102571812A (zh) * 2011-12-31 2012-07-11 成都市华为赛门铁克科技有限公司 Network threat tracking and identification method and apparatus

Also Published As

Publication number Publication date
MX376120B (es) 2025-03-07
CA2974708A1 (en) 2016-08-04
JP2018508918A (ja) 2018-03-29
US20190158514A1 (en) 2019-05-23
JP6723267B2 (ja) 2020-07-15
US10230742B2 (en) 2019-03-12
US10616248B2 (en) 2020-04-07
EP3251010A4 (en) 2018-09-05
EP3251010B1 (en) 2021-09-29
WO2016123238A1 (en) 2016-08-04
EP3251010A1 (en) 2017-12-06
US20160226895A1 (en) 2016-08-04
MX2017009762A (es) 2018-03-28
CN107430535A (zh) 2017-12-01
CA2974708C (en) 2020-09-22

Similar Documents

Publication Publication Date Title
CN107430535B (zh) A method for performing threat detection and computer-readable medium
US11876809B2 (en) Identifying a cyber-attack impacting a particular asset
US11106681B2 (en) Conditional processing based on inferred sourcetypes
US11314733B2 (en) Identification of relevant data events by use of clustering
US11196756B2 (en) Identifying notable events based on execution of correlation searches
US11288283B2 (en) Identifying metrics related to data ingestion associated with a defined time period
US20230125566A1 (en) Long string pattern matching of aggregated account data
US11550921B2 (en) Threat response systems and methods
US9935864B2 (en) Service analyzer interface
US10860655B2 (en) Creating and testing a correlation search
US20160306871A1 (en) Scaling available storage based on counting generated events
US20160224899A1 (en) Methods and Systems For Determining Probabilities of Occurrence For Events and Determining Anomalous events
US11501112B1 (en) Detecting, diagnosing, and directing solutions for source type mislabeling of machine data, including machine data that may contain PII, using machine learning
CN111258796A (zh) Service infrastructure and method for predicting and detecting potential anomalies therein
CN107844572B (zh) Multi-dimensional event correlation analysis method
US12199996B1 (en) Confidence scoring for detectors used to detect anomalous behavior
Zhong et al. Leveraging decision making in cyber security analysis through data cleaning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant