EA201991278A1 - INTELLIGENT CYBER THREAT MANAGEMENT SYSTEM - Google Patents

INTELLIGENT CYBER THREAT MANAGEMENT SYSTEM

Info

Publication number
EA201991278A1
Authority
EA
Eurasian Patent Office
Prior art keywords
information
data
cyber
cyber threats
module
Prior art date
Application number
EA201991278A
Other languages
Russian (ru)
Other versions
EA038063B1 (en)
Inventor
Дмитрий Юрьевич РЮПИЧЕВ
Евгений Александрович НОВИКОВ
Максим Михайлович НИЧИПОРЧУК
Original Assignee
Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк)
Priority date
Filing date
Publication date
Application filed by Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк)
Publication of EA201991278A1
Publication of EA038063B1

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
            • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
              • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
            • G06F7/22 Arrangements for sorting or merging computer data on continuous record carriers, e.g. tape, drum, disc
              • G06F7/24 Sorting, i.e. extracting data from one or more carriers, rearranging the data in numerical or other ordered sequence, and rerecording the sorted data on the original carrier or on a different carrier or set of carriers; sorting methods in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the field of information security, in particular to systems for the intelligent management of cyber threats. The main technical result is increased information security, achieved through automated processing of data on incoming cyber threats that keeps the data on cyber threat types and their corresponding indicators of compromise constantly up to date. The claimed intelligent cyber threat management system contains: at least one processor that handles the information flows between the system's modules; at least one data storage medium containing machine-readable instructions executed by the processor; a data acquisition module that collects information from external and internal data sources containing information about cyber threats, filters the received data and converts the received information into a single presentation format; a data enrichment module that supplements the data on indicators of compromise of cyber threats from external data sources, searches for and collects information about malicious code associated with known cyber threats, updates cybersecurity information including at least information on vulnerabilities of the software in use, on the presence of malicious code associated with at least one vulnerability, and on an update of at least one piece of software that provides protection against at least one type of vulnerability, and identifies user accounts that were involved in interacting with resources associated with indicators of compromise whose information is stored in the database; a database that stores up-to-date information about cyber threats received from the data acquisition module and the data enrichment module; an integration module that transmits cyber threat data to cybersecurity systems in a unified format; and an analytics module that analyzes vulnerabilities of the IT infrastructure in the systems connected to the integration module and identifies and displays implicit relationships between information entities belonging to at least one type of cyber threat by analyzing chains of relationships between said entities and searching for common nodes of said entities.
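The abstract names three operations that are easy to picture but not spelled out: converting feed records from differing source formats into one unified presentation format, finding implicit links between threat entities by walking relationship chains and looking for nodes they share, and identifying accounts that interacted with resources matching a stored indicator. The following Python is an added illustration of those three operations and is not code from the patent or from its assignee; the feed field names, campaign names, indicators and log lines are all constructed sample data, and the graph and breadth-first search are one plausible way to model "chains of relationships" and "common nodes", not the patent's own method.

```python
"""Added example (not the patent's or the assignee's code): a toy model of
feed normalization, relationship-chain analysis and exposed-account lookup.
Every feed, indicator, campaign name and log line below is constructed."""
from collections import defaultdict, deque

# Constructed sample feeds from two hypothetical sources with different schemas.
FEED_A = [  # e.g. a vendor export keyed by "ioc" / "kind" / "threat"
    {"ioc": "evil.example", "kind": "domain", "threat": "CampaignRed"},
    {"ioc": "203.0.113.7", "kind": "ipv4", "threat": "CampaignRed"},
    {"ioc": "EVIL.example", "kind": "domain", "threat": "CampaignRed"},  # duplicate
]
FEED_B = [  # e.g. an internal export keyed by "value" / "type" / "campaign"
    {"value": "203.0.113.7", "type": "ip", "campaign": "CampaignBlue"},
    {"value": "00112233445566778899aabbccddeeff", "type": "md5", "campaign": "CampaignBlue"},
    {"value": "free-text remark", "type": "note", "campaign": "CampaignBlue"},  # filtered out
]

# Constructed sample access log lines: timestamp, account, destination.
ACCESS_LOG = [
    "2024-01-01T10:00:00Z alice evil.example",
    "2024-01-01T10:05:00Z bob intranet.example",
    "2024-01-01T10:07:00Z carol 203.0.113.7",
]

# Unified vocabulary for indicator types; source-specific names map onto it.
TYPE_MAP = {"domain": "domain", "ipv4": "ip", "ip": "ip", "md5": "hash", "sha256": "hash"}


def normalize(records, value_key, type_key, threat_key):
    """Filter one source's records and convert them to the unified schema
    {"type", "value", "threat"}. Unknown types are dropped and exact
    duplicates (case-insensitive value) are removed."""
    seen, out = set(), []
    for r in records:
        unified_type = TYPE_MAP.get(r.get(type_key))
        if unified_type is None:
            continue
        value = r[value_key].lower()
        key = (unified_type, value, r[threat_key])
        if key in seen:
            continue
        seen.add(key)
        out.append({"type": unified_type, "value": value, "threat": r[threat_key]})
    return out


def build_graph(indicators):
    """Undirected graph linking 'threat:NAME' nodes to 'TYPE:VALUE' nodes.
    The same indicator reported for two threats becomes one shared node."""
    g = defaultdict(set)
    for i in indicators:
        threat, ioc = f"threat:{i['threat']}", f"{i['type']}:{i['value']}"
        g[threat].add(ioc)
        g[ioc].add(threat)
    return g


def shortest_chain(g, start, goal):
    """Breadth-first search over relationship chains; returns the node path
    from start to goal, or None when no chain connects them."""
    prev, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in g[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def common_nodes(g, threat_a, threat_b):
    """Indicator nodes directly shared by two threats (an implicit link)."""
    return sorted(g[f"threat:{threat_a}"] & g[f"threat:{threat_b}"])


def exposed_accounts(indicators, log_lines):
    """Accounts that reached a destination matching a stored domain/ip indicator."""
    watched = {i["value"] for i in indicators if i["type"] in ("domain", "ip")}
    hits = defaultdict(set)
    for line in log_lines:
        _, account, dest = line.split()
        if dest.lower() in watched:
            hits[account].add(dest)
    return {a: sorted(d) for a, d in hits.items()}


def analyze():
    """Run the pipeline on the constructed feeds and log; return all results."""
    indicators = (normalize(FEED_A, "ioc", "kind", "threat")
                  + normalize(FEED_B, "value", "type", "campaign"))
    g = build_graph(indicators)
    return {
        "indicators": indicators,
        "common": common_nodes(g, "CampaignRed", "CampaignBlue"),
        "chain": shortest_chain(g, "threat:CampaignRed", "threat:CampaignBlue"),
        "accounts": exposed_accounts(indicators, ACCESS_LOG),
    }


if __name__ == "__main__":
    for k, v in analyze().items():
        print(k, v)
```

Running the block shows the shared IP as the common node between the two constructed campaigns, the chain Red → IP → Blue as the implicit relationship, and the two accounts whose log lines hit stored indicators. In a real deployment the normalization step would also carry source, confidence and first/last-seen fields so that later enrichment can update records rather than duplicate them.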

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
RU2019117226A RU2702269C1 (en) 2019-06-04 2019-06-04 Intelligent control system for cyberthreats

Publications (2)

Publication Number Publication Date
EA201991278A1 (en) 2020-12-30
EA038063B1 (en) 2021-06-30

Family

ID=68170889

Family Applications (1)

Application Number Title Priority Date Filing Date
EA201991278A EA038063B1 (en) 2019-06-04 2019-06-24 Intelligent control system for cyberthreats

Country Status (3)

Country Link
EA (1) EA038063B1 (en)
RU (1) RU2702269C1 (en)
WO (1) WO2020246905A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2680736C1 (en) 2018-01-17 2019-02-26 Общество с ограниченной ответственностью "Группа АйБи ТДС" Malware files in network traffic detection server and method
RU2728498C1 (en) 2019-12-05 2020-07-29 Общество с ограниченной ответственностью "Группа АйБи ТДС" Method and system for determining software belonging by its source code
RU2728497C1 (en) 2019-12-05 2020-07-29 Общество с ограниченной ответственностью "Группа АйБи ТДС" Method and system for determining belonging of software by its machine code
RU2747476C1 (en) * 2020-08-04 2021-05-05 Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) Intelligent risk and vulnerability management system for infrastructure elements
RU2743619C1 (en) 2020-08-06 2021-02-20 Общество с ограниченной ответственностью "Группа АйБи ТДС" Method and system for generating the list of compromise indicators
TR202101120A2 (en) * 2021-01-26 2021-04-21 Turkcell Technology Research And Development Co A SYSTEM THAT DETECTS FRAUD CONDITIONS IN THE DATA FLOW
US11947572B2 (en) 2021-03-29 2024-04-02 Group IB TDS, Ltd Method and system for clustering executable files
CN113726826B (en) * 2021-11-04 2022-06-17 北京微步在线科技有限公司 Threat information generation method and device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2279465B1 (en) * 2008-04-17 2014-04-02 Siemens Aktiengesellschaft Method and system for cyber security management of industrial control systems
KR101039717B1 (en) * 2009-07-07 2011-06-09 한국전자통신연구원 Cyber Threat Forecasting Engine System for Predicting Cyber Threats and Method for Predicting Cyber Threats Using the Same System
US9118702B2 (en) * 2011-05-31 2015-08-25 Bce Inc. System and method for generating and refining cyber threat intelligence data
GB2520987B (en) * 2013-12-06 2016-06-01 Cyberlytic Ltd Using fuzzy logic to assign a risk level profile to a potential cyber threat
US10135855B2 (en) * 2016-01-19 2018-11-20 Honeywell International Inc. Near-real-time export of cyber-security risk information
GB2547201B (en) * 2016-02-09 2022-08-31 Darktrace Holdings Ltd Cyber security
RU2675900C1 (en) * 2018-01-31 2018-12-25 Федеральное государственное казенное военное образовательное учреждение высшего образования "Академия Федеральной службы охраны Российской Федерации" (Академия ФСО России) METHOD OF PROTECTING NODES OF VIRTUAL PRIVATE COMMUNICATION NETWORK FROM DDoS-ATTACKS WITH METHOD OF MANAGING QUANTITY OF RENDERED COMMUNICATION SERVICES TO SUBSCRIBERS

Also Published As

Publication number Publication date
WO2020246905A1 (en) 2020-12-10
EA038063B1 (en) 2021-06-30
RU2702269C1 (en) 2019-10-07

Similar Documents

Publication Publication Date Title
EA201991278A1 (en) INTELLIGENT CYBER THREAT MANAGEMENT SYSTEM
US10148685B2 (en) Event correlation across heterogeneous operations
US9742788B2 (en) Event correlation across heterogeneous operations
JP6736657B2 (en) A computerized system that securely delivers and exchanges cyber threat information in a standardized format
US10264009B2 (en) Automated machine learning scheme for software exploit prediction
CN111431939B (en) CTI-based SDN malicious flow defense method
CN109325009A (en) The method and device of log parsing
CA2840992A1 (en) Syntactical fingerprinting
US11568277B2 (en) Method and apparatus for detecting anomalies in mission critical environments using word representation learning
Modi et al. Towards automated threat intelligence fusion
Lee et al. Toward the SIEM architecture for cloud-based security services
US20180367558A1 (en) Information analysis system, information analysis method, and recording medium
US11997122B2 (en) Systems and methods for analyzing cybersecurity events
González-Granadillo et al. ETIP: An Enriched Threat Intelligence Platform for improving OSINT correlation, analysis, visualization and sharing capabilities
US10972484B1 (en) Enriching malware information for use with network security analysis and malware detection
RU2012141466A (en) SYSTEM AND METHOD FOR ANALYZING EVENTS FOR LAUNCHING FILES TO DETERMINE THE RATING OF THEIR SECURITY
Fetjah et al. Toward a big data architecture for security events analytic
CN112714118B (en) Network traffic detection method and device
EA202092860A1 (en) SYSTEM OF INTELLIGENT MANAGEMENT OF RISKS AND VULNERABILITIES OF INFRASTRUCTURE ELEMENTS
CN110381008B (en) Network security dynamic defense system and method based on big data
CN113014587B (en) API detection method and device, electronic equipment and storage medium
KR101543377B1 (en) Apparatus and method for analyzing data using mapreduce based on nosql
CN113497793B (en) Model optimization method, alarm event detection method, device and equipment
CN112769755A (en) DNS log statistical feature extraction method for threat detection
Djemaiel et al. Optimizing big data management using conceptual graphs: a mark-based approach