EA201991278A1 - INTELLIGENT CYBER THREAT MANAGEMENT SYSTEM - Google Patents
- Publication number
- EA201991278A1
- Authority
- EA
- Eurasian Patent Office
- Prior art keywords
- information
- data
- cyber
- cyber threats
- module
- Prior art date
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
  - G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
  - G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
  - G06F16/22—Indexing; Data structures therefor; Storage structures
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
  - G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
  - G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
  - G06F7/22—Arrangements for sorting or merging computer data on continuous record carriers, e.g. tape, drum, disc
  - G06F7/24—Sorting, i.e. extracting data from one or more carriers, rearranging the data in numerical or other ordered sequence, and rerecording the sorted data on the original carrier or on a different carrier or set of carriers sorting methods in general
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to the field of information security, in particular to systems for the intelligent management of cyber threats. The main technical result is an increase in information security through automated processing of data on incoming cyber threats, which ensures that data on the types of cyber threats and on the indicators of compromise corresponding to them is kept constantly up to date. The claimed system for the intelligent management of cyber threats contains: at least one processor that processes the information flows between the modules of the system; at least one data storage medium containing machine-readable instructions executed by the processor; a data acquisition module that collects information from external and internal data sources containing cyber threat information, filters the received data and converts the received information into a single presentation format; a data enrichment module that supplements data on indicators of compromise of cyber threats from external data sources, searches for and collects information about malicious code associated with known cyber threats, updates cybersecurity information (including at least information about vulnerabilities of the software in use, about the presence of malicious code associated with at least one vulnerability, and about an update of at least one piece of software that provides protection against at least one type of vulnerability), and identifies user accounts that were involved in interacting with resources associated with indicators of compromise whose information is stored in the database; a database that stores up-to-date cyber threat information received from the data acquisition modules and the data enrichment module; an integration module that transmits cyber threat data to cybersecurity systems in a unified format; and an analytics module that analyses IT infrastructure vulnerabilities in the systems connected to the integration module, and identifies and displays implicit relationships between information entities belonging to at least one type of cyber threat by analysing chains of relationships between said entities and searching for common nodes of said entities.
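The abstract lists the modules at claim level; the following toy pipeline is an added example, not code from the patent or its applicant, that walks through the same stages on constructed data: two feeds in different layouts are converted into one unified indicator representation, proxy log lines are matched against the indicators to find accounts that interacted with IoC resources, and a breadth-first search over the resulting entity graph finds the common nodes that implicitly link two threats. The feed layouts, log format, threat names and indicator values are all constructed for illustration.

```python
"""Toy threat-intelligence pipeline (added example, not the patent's code).

Stages mirrored from the abstract: normalize feeds into one format,
identify accounts that touched IoC resources, and find implicit links
between threats by searching for common nodes in the entity graph.
"""
import csv
import io
import re
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    """Unified representation of one indicator of compromise."""
    ioc_type: str   # "domain", "ip" or "sha256"
    value: str      # canonical form (lower-case domains/hashes)
    threat: str     # threat the source attributes it to
    source: str     # feed it came from

    @property
    def node(self) -> str:
        return f"{self.ioc_type}:{self.value}"


def _canon(ioc_type: str, value: str) -> str:
    """Canonicalize so the same indicator from two feeds compares equal."""
    value = value.strip()
    if ioc_type in ("domain", "sha256"):
        value = value.lower().rstrip(".")
    return value


# Constructed sample feed in a JSON-like record layout.
FEED_A = [
    {"type": "domain", "indicator": "Bad-Example.test.", "campaign": "ThreatX"},
    {"type": "ip", "indicator": "203.0.113.10", "campaign": "ThreatX"},
]
# Constructed sample feed in a CSV layout (type,value,threat); hash is a placeholder.
FEED_B = ("ip,198.51.100.7,ThreatY\n"
          "domain,bad-example.test,ThreatY\n"
          f"sha256,{'DEADBEEF' * 8},ThreatY")
# Constructed proxy log lines (assumed format: ... user=<name> dst=<host> ...).
LOG_LINES = [
    "2024-01-01T10:00:00Z proxy user=alice dst=bad-example.test status=200",
    "2024-01-01T10:05:00Z proxy user=bob dst=203.0.113.10 status=200",
    "2024-01-01T10:07:00Z proxy user=carol dst=example.org status=200",
]
LOG_RE = re.compile(r"user=(?P<user>\S+) dst=(?P<dst>\S+)")


def parse_feed_a(records):
    return [Indicator(r["type"], _canon(r["type"], r["indicator"]), r["campaign"], "feed_a")
            for r in records]


def parse_feed_b(text):
    return [Indicator(t, _canon(t, v), threat, "feed_b")
            for t, v, threat in csv.reader(io.StringIO(text))]


def normalize(*batches):
    """Merge feeds into one deduplicated set in the unified representation."""
    return {ind for batch in batches for ind in batch}


def build_graph(indicators, log_lines):
    """Undirected entity graph: threat--indicator and account--indicator edges."""
    graph = defaultdict(set)

    def link(a, b):
        graph[a].add(b)
        graph[b].add(a)

    node_by_value = {}
    for ind in indicators:
        link(f"threat:{ind.threat}", ind.node)
        node_by_value[ind.value] = ind.node
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and (dst := m["dst"].lower().rstrip(".")) in node_by_value:
            link(f"account:{m['user']}", node_by_value[dst])   # account touched an IoC
    return graph


def reachable(graph, start, max_depth):
    """BFS; returns {node: distance} for nodes within max_depth hops of start."""
    seen, queue = {start: 0}, deque([start])
    while queue:
        n = queue.popleft()
        if seen[n] == max_depth:
            continue
        for nb in graph.get(n, ()):
            if nb not in seen:
                seen[nb] = seen[n] + 1
                queue.append(nb)
    return seen


def common_nodes(graph, a, b, max_depth=2):
    """Nodes that both entities reach within max_depth hops: the implicit link."""
    return (set(reachable(graph, a, max_depth)) & set(reachable(graph, b, max_depth))) - {a, b}


def accounts_for_threat(graph, threat):
    """Accounts that interacted with any resource attributed to the threat."""
    return {n for n in reachable(graph, f"threat:{threat}", 2) if n.startswith("account:")}


INDICATORS = normalize(parse_feed_a(FEED_A), parse_feed_b(FEED_B))
GRAPH = build_graph(INDICATORS, LOG_LINES)

if __name__ == "__main__":
    print(sorted(ind.node for ind in INDICATORS))
    print(common_nodes(GRAPH, "threat:ThreatX", "threat:ThreatY"))
    print(accounts_for_threat(GRAPH, "ThreatX"))
```

The two feeds disagree on case and trailing dot for the same domain; canonicalizing before the graph is built is what lets the common-node search see it as one entity, and the depth bound keeps the chain analysis from declaring everything related to everything.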
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2019117226A RU2702269C1 (en) | 2019-06-04 | 2019-06-04 | Intelligent control system for cyberthreats |
Publications (2)
Publication Number | Publication Date |
---|---|
EA201991278A1 (en) | 2020-12-30 |
EA038063B1 (en) | 2021-06-30 |
Family
ID=68170889
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EA201991278A EA038063B1 (en) | 2019-06-04 | 2019-06-24 | Intelligent control system for cyberthreats |
Country Status (3)
Country | Link |
---|---|
EA (1) | EA038063B1 (en) |
RU (1) | RU2702269C1 (en) |
WO (1) | WO2020246905A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
RU2680736C1 (en) | 2018-01-17 | 2019-02-26 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Malware files in network traffic detection server and method |
RU2728498C1 (en) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for determining software belonging by its source code |
RU2728497C1 (en) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for determining belonging of software by its machine code |
RU2747476C1 (en) * | 2020-08-04 | 2021-05-05 | Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) | Intelligent risk and vulnerability management system for infrastructure elements |
RU2743619C1 (en) | 2020-08-06 | 2021-02-20 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for generating the list of compromise indicators |
TR202101120A2 (en) * | 2021-01-26 | 2021-04-21 | Turkcell Technology Research And Development Co | A SYSTEM THAT DETECTS FRAUD CONDITIONS IN THE DATA FLOW |
US11947572B2 (en) | 2021-03-29 | 2024-04-02 | Group IB TDS, Ltd | Method and system for clustering executable files |
CN113726826B (en) * | 2021-11-04 | 2022-06-17 | 北京微步在线科技有限公司 | Threat information generation method and device |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2279465B1 (en) * | 2008-04-17 | 2014-04-02 | Siemens Aktiengesellschaft | Method and system for cyber security management of industrial control systems |
KR101039717B1 (en) * | 2009-07-07 | 2011-06-09 | 한국전자통신연구원 | Cyber Threat Forecasting Engine System for Predicting Cyber Threats and Method for Predicting Cyber Threats Using the Same System |
US9118702B2 (en) * | 2011-05-31 | 2015-08-25 | Bce Inc. | System and method for generating and refining cyber threat intelligence data |
GB2520987B (en) * | 2013-12-06 | 2016-06-01 | Cyberlytic Ltd | Using fuzzy logic to assign a risk level profile to a potential cyber threat |
US10135855B2 (en) * | 2016-01-19 | 2018-11-20 | Honeywell International Inc. | Near-real-time export of cyber-security risk information |
GB2547201B (en) * | 2016-02-09 | 2022-08-31 | Darktrace Holdings Ltd | Cyber security |
RU2675900C1 (en) * | 2018-01-31 | 2018-12-25 | Федеральное государственное казенное военное образовательное учреждение высшего образования "Академия Федеральной службы охраны Российской Федерации" (Академия ФСО России) | METHOD OF PROTECTING NODES OF VIRTUAL PRIVATE COMMUNICATION NETWORK FROM DDoS-ATTACKS WITH METHOD OF MANAGING QUANTITY OF RENDERED COMMUNICATION SERVICES TO SUBSCRIBERS |
2019
- 2019-06-04 RU RU2019117226A patent/RU2702269C1/en active
- 2019-06-04 WO PCT/RU2019/000400 patent/WO2020246905A1/en active Application Filing
- 2019-06-24 EA EA201991278A patent/EA038063B1/en unknown
Also Published As
Publication number | Publication date |
---|---|
WO2020246905A1 (en) | 2020-12-10 |
EA038063B1 (en) | 2021-06-30 |
RU2702269C1 (en) | 2019-10-07 |
Similar Documents
Publication | Title |
---|---|
EA201991278A1 (en) | INTELLIGENT CYBER THREAT MANAGEMENT SYSTEM |
US10148685B2 (en) | Event correlation across heterogeneous operations |
US9742788B2 (en) | Event correlation across heterogeneous operations |
JP6736657B2 (en) | A computerized system that securely delivers and exchanges cyber threat information in a standardized format |
US10264009B2 (en) | Automated machine learning scheme for software exploit prediction |
CN111431939B (en) | CTI-based SDN malicious flow defense method |
CN109325009A (en) | The method and device of log parsing |
CA2840992A1 (en) | Syntactical fingerprinting |
US11568277B2 (en) | Method and apparatus for detecting anomalies in mission critical environments using word representation learning |
Modi et al. | Towards automated threat intelligence fusion |
Lee et al. | Toward the SIEM architecture for cloud-based security services |
US20180367558A1 (en) | Information analysis system, information analysis method, and recording medium |
US11997122B2 (en) | Systems and methods for analyzing cybersecurity events |
González-Granadillo et al. | ETIP: An Enriched Threat Intelligence Platform for improving OSINT correlation, analysis, visualization and sharing capabilities |
US10972484B1 (en) | Enriching malware information for use with network security analysis and malware detection |
RU2012141466A (en) | SYSTEM AND METHOD FOR ANALYZING EVENTS FOR LAUNCHING FILES TO DETERMINE THE RATING OF THEIR SECURITY |
Fetjah et al. | Toward a big data architecture for security events analytic |
CN112714118B (en) | Network traffic detection method and device |
EA202092860A1 (en) | SYSTEM OF INTELLIGENT MANAGEMENT OF RISKS AND VULNERABILITIES OF INFRASTRUCTURE ELEMENTS |
CN110381008B (en) | Network security dynamic defense system and method based on big data |
CN113014587B (en) | API detection method and device, electronic equipment and storage medium |
KR101543377B1 (en) | Apparatus and method for analyzing data using mapreduce based on nosql |
CN113497793B (en) | Model optimization method, alarm event detection method, device and equipment |
CN112769755A (en) | DNS log statistical feature extraction method for threat detection |
Djemaiel et al. | Optimizing big data management using conceptual graphs: a mark-based approach |