JP6585131B2 - Graph database analysis for network anomaly detection systems - Google Patents
- Publication number
- JP6585131B2 (application JP2017169630A)
- Authority
- JP
- Japan
- Prior art keywords
- network
- graph
- data
- node
- event
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
- G06F16/9024—Graphs; Linked lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
- G06F18/231—Hierarchical techniques, i.e. dividing or merging pattern sets so as to obtain a dendrogram
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2218/00—Aspects of pattern recognition specially adapted for signal processing
- G06F2218/12—Classification; Matching
Description
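104a, 104b, 104c computing assets
106 network protection tools (firewalls, IDS, proxy logs, etc.)
108 Internet
110 security information/event manager (SIEM)
112 data analysis device
114 processing unit
118 data store
120a/b graph analysis module
122a, 122b data communication paths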
Claims (8)
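- A computer-implemented method comprising:
  receiving, by a data analysis device, a plurality of log data entries including parameters associated with computer network events in a computing network;
  extracting, by the data analysis device, one or more parameters, wherein the parameters are extracted in real time;
  generating, by the data analysis device, a network event graph based on at least one of a first graph metric or a second graph metric, wherein the first and second graph metrics are based on the extracted one or more parameters; and
  detecting, by the data analysis device, whether at least one of an anomalous event associated with the computing network or a malicious event associated with the computing network has occurred, based on a query executed against the network event graph and on a false positive handling (FPH) function that enables a whitelist function, the whitelist function being applied to identify known good nodes in the computing network that periodically produce sudden fluctuations in relative importance in the computing network.
- The method of claim 1, wherein the detecting includes executing one or more queries against the network event graph to detect one or more secondary nodes that were involved in data communication with at least one primary node.
- The method of claim 2, wherein the at least one primary node is directly associated with at least one of the anomalous event or the malicious event.
- The method of claim 3, further comprising:
  analyzing, by the data analysis device, network communication activity of the one or more secondary nodes to identify at least one tertiary node that has a correlation with the at least one primary node.
- The method of claim 1, further comprising:
  storing the network event graph and the first and second graph metrics in a first storage medium of the data analysis device.
- The method of claim 5, wherein the first storage medium is at least one of a graph database or a graphics processing unit (GPU) accelerated graph database.
- The method of claim 6, further comprising:
  storing the first graph metric and the second graph metric in a second storage medium of the data analysis device, including formatting the first and second graph metrics to be stored in the first storage medium.
- The method of claim 1, wherein the extracting includes applying an extract, transform, load function using a data stream processing engine to extract the one or more parameters in real time.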
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662384128P | 2016-09-06 | 2016-09-06 | |
US62/384,128 | 2016-09-06 |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2018049602A (ja) | 2018-03-29 |
JP6585131B2 (ja) | 2019-10-02 |
Family
ID=59858507
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2017169630A (Active, JP6585131B2 (ja)) | Graph database analysis for network anomaly detection systems | 2016-09-06 | 2017-09-04 |
Country Status (4)
Country | Link |
---|---|
US (2) | US10530796B2 (ja) |
EP (1) | EP3291120B1 (ja) |
JP (1) | JP6585131B2 (ja) |
AU (1) | AU2017221858B2 (ja) |
Families Citing this family (86)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10382534B1 (en) | 2015-04-04 | 2019-08-13 | Cisco Technology, Inc. | Selective load balancing of network traffic |
US11005682B2 (en) | 2015-10-06 | 2021-05-11 | Cisco Technology, Inc. | Policy-driven switch overlay bypass in a hybrid cloud network environment |
US10523657B2 (en) | 2015-11-16 | 2019-12-31 | Cisco Technology, Inc. | Endpoint privacy preservation with cloud conferencing |
US10686792B1 (en) * | 2016-05-13 | 2020-06-16 | Nuvolex, Inc. | Apparatus and method for administering user identities across on premise and third-party computation resources |
US10958667B1 (en) | 2016-06-03 | 2021-03-23 | Mcafee Llc | Determining computing system incidents using node graphs |
US10659283B2 (en) | 2016-07-08 | 2020-05-19 | Cisco Technology, Inc. | Reducing ARP/ND flooding in cloud environment |
US10263898B2 (en) | 2016-07-20 | 2019-04-16 | Cisco Technology, Inc. | System and method for implementing universal cloud classification (UCC) as a service (UCCaaS) |
WO2018017151A1 (en) * | 2016-07-21 | 2018-01-25 | Level 3 Communications, Llc | System and method for voice security in a telecommunications network |
US10706144B1 (en) * | 2016-09-09 | 2020-07-07 | Bluerisc, Inc. | Cyber defense with graph theoretical approach |
US10476896B2 (en) | 2016-09-13 | 2019-11-12 | Accenture Global Solutions Limited | Malicious threat detection through time series graph analysis |
US11044162B2 (en) | 2016-12-06 | 2021-06-22 | Cisco Technology, Inc. | Orchestration of cloud and fog interactions |
US10326817B2 (en) | 2016-12-20 | 2019-06-18 | Cisco Technology, Inc. | System and method for quality-aware recording in large scale collaborate clouds |
US10334029B2 (en) | 2017-01-10 | 2019-06-25 | Cisco Technology, Inc. | Forming neighborhood groups from disperse cloud providers |
US10552191B2 (en) | 2017-01-26 | 2020-02-04 | Cisco Technology, Inc. | Distributed hybrid cloud orchestration model |
US10904278B2 (en) * | 2017-05-26 | 2021-01-26 | Alien Vault, Inc. | Detection system for network security threats |
US10892940B2 (en) | 2017-07-21 | 2021-01-12 | Cisco Technology, Inc. | Scalable statistics and analytics mechanisms in cloud networking |
US10521584B1 (en) * | 2017-08-28 | 2019-12-31 | Amazon Technologies, Inc. | Computer threat analysis service |
US10353800B2 (en) * | 2017-10-18 | 2019-07-16 | Cisco Technology, Inc. | System and method for graph based monitoring and management of distributed systems |
US10956437B1 (en) | 2017-10-21 | 2021-03-23 | Teletracking Technologies, Inc. | Systems and methods for implementing secure database requests in a role-based application environment |
US10547629B2 (en) * | 2017-11-05 | 2020-01-28 | Rapid7, Inc. | Detecting malicious network activity using time series payload data |
US20220232025A1 (en) | 2017-11-27 | 2022-07-21 | Lacework, Inc. | Detecting anomalous behavior of a device |
US11765249B2 (en) | 2017-11-27 | 2023-09-19 | Lacework, Inc. | Facilitating developer efficiency and application quality |
US11973784B1 (en) | 2017-11-27 | 2024-04-30 | Lacework, Inc. | Natural language interface for an anomaly detection framework |
US11979422B1 (en) | 2017-11-27 | 2024-05-07 | Lacework, Inc. | Elastic privileges in a secure access service edge |
US11894984B2 (en) | 2017-11-27 | 2024-02-06 | Lacework, Inc. | Configuring cloud deployments based on learnings obtained by monitoring other cloud deployments |
US10419469B1 (en) | 2017-11-27 | 2019-09-17 | Lacework Inc. | Graph-based user tracking and threat detection |
US11770398B1 (en) | 2017-11-27 | 2023-09-26 | Lacework, Inc. | Guided anomaly detection framework |
US11785104B2 (en) | 2017-11-27 | 2023-10-10 | Lacework, Inc. | Learning from similar cloud deployments |
US11792284B1 (en) | 2017-11-27 | 2023-10-17 | Lacework, Inc. | Using data transformations for monitoring a cloud compute environment |
US11818156B1 (en) | 2017-11-27 | 2023-11-14 | Lacework, Inc. | Data lake-enabled security platform |
US11849000B2 (en) | 2017-11-27 | 2023-12-19 | Lacework, Inc. | Using real-time monitoring to inform static analysis |
US20220232024A1 (en) | 2017-11-27 | 2022-07-21 | Lacework, Inc. | Detecting deviations from typical user behavior |
US10785239B2 (en) * | 2017-12-08 | 2020-09-22 | Mcafee, Llc | Learning maliciousness in cybersecurity graphs |
US10992519B2 (en) | 2018-03-26 | 2021-04-27 | Alien Vault, Inc. | Storage system for network information |
US11372893B2 (en) | 2018-06-01 | 2022-06-28 | Ntt Security Holdings Corporation | Ensemble-based data curation pipeline for efficient label propagation |
US10855702B2 (en) | 2018-06-06 | 2020-12-01 | Reliaquest Holdings, Llc | Threat mitigation system and method |
US11709946B2 (en) | 2018-06-06 | 2023-07-25 | Reliaquest Holdings, Llc | Threat mitigation system and method |
US10303688B1 (en) * | 2018-06-13 | 2019-05-28 | Stardog Union | System and method for reducing data retrieval delays via prediction-based generation of data subgraphs |
US10949428B2 (en) * | 2018-07-12 | 2021-03-16 | Forcepoint, LLC | Constructing event distributions via a streaming scoring operation |
US11271939B2 (en) * | 2018-07-31 | 2022-03-08 | Splunk Inc. | Facilitating detection of suspicious access to resources |
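CN109344294B (zh) * | 2018-08-14 | 2023-03-31 | 创新先进技术有限公司 | Feature generation method and apparatus, electronic device, and computer-readable storage medium |
KR102225040B1 (ko) * | 2018-08-29 | 2021-03-09 | 한국과학기술원 | Artificial intelligence-based integrated log management method and system thereof |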
US11496493B2 (en) * | 2018-09-19 | 2022-11-08 | Nec Corporation | Dynamic transaction graph analysis |
US11463472B2 (en) * | 2018-10-24 | 2022-10-04 | Nec Corporation | Unknown malicious program behavior detection using a graph neural network |
US11354325B2 (en) * | 2018-10-25 | 2022-06-07 | Bank Of America Corporation | Methods and apparatus for a multi-graph search and merge engine |
RU2710985C1 (ru) * | 2019-03-28 | 2020-01-14 | федеральное государственное автономное образовательное учреждение высшего образования "Санкт-Петербургский политехнический университет Петра Великого" (ФГАОУ ВО "СПбПУ") | Method for assessing the resilience of a cyber-physical system to computer attacks |
US11252185B2 (en) * | 2019-03-28 | 2022-02-15 | NTT Security Corporation | Graph stream mining pipeline for efficient subgraph detection |
US11863580B2 (en) | 2019-05-31 | 2024-01-02 | Varmour Networks, Inc. | Modeling application dependencies to identify operational risk |
US11575563B2 (en) | 2019-05-31 | 2023-02-07 | Varmour Networks, Inc. | Cloud security management |
US11711374B2 (en) | 2019-05-31 | 2023-07-25 | Varmour Networks, Inc. | Systems and methods for understanding identity and organizational access to applications within an enterprise environment |
USD926809S1 (en) | 2019-06-05 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926810S1 (en) | 2019-06-05 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926200S1 (en) | 2019-06-06 | 2021-07-27 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926782S1 (en) | 2019-06-06 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926811S1 (en) | 2019-06-06 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
US11323463B2 (en) * | 2019-06-14 | 2022-05-03 | Datadog, Inc. | Generating data structures representing relationships among entities of a high-scale network infrastructure |
US11023896B2 (en) * | 2019-06-20 | 2021-06-01 | Coupang, Corp. | Systems and methods for real-time processing of data streams |
US11271824B2 (en) | 2019-07-25 | 2022-03-08 | Vmware, Inc. | Visual overlays for network insights |
US11005727B2 (en) * | 2019-07-25 | 2021-05-11 | Vmware, Inc. | Visual overlays for network insights |
US20210056071A1 (en) * | 2019-08-22 | 2021-02-25 | Siemens Corporation | Method for generating a coherent representation for at least two log files |
CN110673994B (zh) * | 2019-09-20 | 2023-05-12 | 北京百度网讯科技有限公司 | Database testing method and apparatus |
US11178042B2 (en) * | 2019-10-14 | 2021-11-16 | Red Hat, Inc. | Protocol and state analysis in a dynamic routing network |
CN110991616B (zh) * | 2019-12-02 | 2024-04-05 | 北京工业大学 | Effluent BOD prediction method based on a pruning feedforward small-world neural network |
US11538047B2 (en) * | 2019-12-19 | 2022-12-27 | Accenture Global Solutions Limited | Utilizing a machine learning model to determine attribution for communication channels |
US10873592B1 (en) | 2019-12-23 | 2020-12-22 | Lacework Inc. | Kubernetes launch graph |
US11188571B1 (en) | 2019-12-23 | 2021-11-30 | Lacework Inc. | Pod communication graph |
US11201955B1 (en) | 2019-12-23 | 2021-12-14 | Lacework Inc. | Agent networking in a containerized environment |
CN111092900B (zh) * | 2019-12-24 | 2022-04-05 | 北京北信源软件股份有限公司 | Method and apparatus for monitoring abnormal server connections and scanning behavior |
US11551230B2 (en) * | 2020-01-14 | 2023-01-10 | Visa International Service Association | Security attack detections for transactions in electronic payment processing networks |
US11595418B2 (en) * | 2020-07-21 | 2023-02-28 | T-Mobile Usa, Inc. | Graphical connection viewer for discovery of suspect network traffic |
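KR102403881B1 (ko) * | 2020-09-08 | 2022-05-31 | 주식회사 소테리아 | Apparatus and method for visualizing causal relationships of events |
CN112085104B (zh) * | 2020-09-10 | 2024-04-12 | 杭州中奥科技有限公司 | Event feature extraction method and apparatus, storage medium, and electronic device |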
US11552974B1 (en) * | 2020-10-30 | 2023-01-10 | Splunk Inc. | Cybersecurity risk analysis and mitigation |
CN112688810B (zh) * | 2020-12-23 | 2023-04-07 | 苏州三六零智能安全科技有限公司 | Network asset information acquisition method, device, and readable storage medium |
US11818152B2 (en) | 2020-12-23 | 2023-11-14 | Varmour Networks, Inc. | Modeling topic-based message-oriented middleware within a security system |
US11876817B2 (en) | 2020-12-23 | 2024-01-16 | Varmour Networks, Inc. | Modeling queue-based message-oriented middleware relationships in a security system |
US20220229903A1 (en) * | 2021-01-21 | 2022-07-21 | Intuit Inc. | Feature extraction and time series anomaly detection over dynamic graphs |
US11777978B2 (en) * | 2021-01-29 | 2023-10-03 | Varmour Networks, Inc. | Methods and systems for accurately assessing application access risk |
AU2022200807A1 (en) * | 2021-02-08 | 2022-08-25 | Varmour Networks, Inc. | Systems and Methods for Understanding Identity and Organizational Access to Applications within an Enterprise Environment |
JP7157200B1 (ja) * | 2021-03-31 | 2022-10-19 | エヌ・ティ・ティ・コミュニケーションズ株式会社 | Analysis device, analysis method, and analysis program |
US11727142B2 (en) | 2021-04-08 | 2023-08-15 | International Business Machines Corporation | Identifying sensitive data risks in cloud-based enterprise deployments based on graph analytics |
US11734316B2 (en) | 2021-07-08 | 2023-08-22 | Varmour Networks, Inc. | Relationship-based search in a computing environment |
US20230038196A1 (en) * | 2021-08-04 | 2023-02-09 | Secureworks Corp. | Systems and methods of attack type and likelihood prediction |
EP4137946A1 (fr) * | 2021-08-19 | 2023-02-22 | Bull SAS | Method for representing a distributed computer system by graph embedding |
CN114301706B (zh) * | 2021-12-31 | 2023-07-21 | 上海纽盾科技股份有限公司 | Defense method, apparatus, and system based on existing threats in a target node |
CN114706992B (zh) * | 2022-02-17 | 2022-09-30 | 中科雨辰科技有限公司 | Knowledge graph-based event information processing system |
Family Cites Families (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6735548B1 (en) | 2001-04-10 | 2004-05-11 | Cisco Technology, Inc. | Method for automated network availability analysis |
US20030188189A1 (en) * | 2002-03-27 | 2003-10-02 | Desai Anish P. | Multi-level and multi-platform intrusion detection and response system |
JP2004046742A (ja) * | 2002-07-15 | 2004-02-12 | Ntt Data Corp | Attack analysis device, sensor, attack analysis method, and program |
US8359650B2 (en) * | 2002-10-01 | 2013-01-22 | Skybox Security Inc. | System, method and computer readable medium for evaluating potential attacks of worms |
JPWO2006077666A1 (ja) * | 2004-12-28 | 2008-06-19 | 国立大学法人京都大学 | Observation data display device, observation data display method, observation data display program, and computer-readable recording medium recording the same |
US8266697B2 (en) * | 2006-03-04 | 2012-09-11 | 21St Century Technologies, Inc. | Enabling network intrusion detection by representing network activity in graphical form utilizing distributed data sensors to detect and transmit activity data |
US7624448B2 (en) * | 2006-03-04 | 2009-11-24 | 21St Century Technologies, Inc. | Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data |
US20090097418A1 (en) | 2007-10-11 | 2009-04-16 | Alterpoint, Inc. | System and method for network service path analysis |
US8881288B1 (en) * | 2008-10-28 | 2014-11-04 | Intelligent Automation, Inc. | Graphical models for cyber security analysis in enterprise networks |
US8674993B1 (en) | 2009-10-14 | 2014-03-18 | John Fleming | Graph database system and method for facilitating financial and corporate relationship analysis |
US8682812B1 (en) * | 2010-12-23 | 2014-03-25 | Narus, Inc. | Machine learning based botnet detection using real-time extracted traffic features |
US8762298B1 (en) * | 2011-01-05 | 2014-06-24 | Narus, Inc. | Machine learning based botnet detection using real-time connectivity graph based traffic features |
US9098798B2 (en) * | 2011-05-26 | 2015-08-04 | Massachusetts Institute Of Technology | Methods and apparatus for prediction and modification of behavior in networks |
US9032527B2 (en) * | 2012-01-11 | 2015-05-12 | Hewlett-Packard Development Company, L.P. | Inferring a state of behavior through marginal probability estimation |
AU2013272215B2 (en) | 2012-03-22 | 2017-10-12 | Imperial Innovations Limited | Anomaly detection to identify coordinated group attacks in computer networks |
US8973100B2 (en) * | 2013-01-08 | 2015-03-03 | Facebook, Inc. | Trust-based authentication in a social networking system |
US9202052B1 (en) * | 2013-06-21 | 2015-12-01 | Emc Corporation | Dynamic graph anomaly detection framework and scalable system architecture |
JP2015022038A (ja) | 2013-07-17 | 2015-02-02 | 富士ゼロックス株式会社 | Image forming apparatus |
US9203765B2 (en) | 2013-08-30 | 2015-12-01 | Cisco Technology, Inc. | Flow based network service insertion using a service chain identifier |
US9231962B1 (en) * | 2013-11-12 | 2016-01-05 | Emc Corporation | Identifying suspicious user logins in enterprise networks |
US10021116B2 (en) * | 2014-02-19 | 2018-07-10 | HCA Holdings, Inc. | Network segmentation |
JP5640166B1 (ja) * | 2014-03-31 | 2014-12-10 | 株式会社ラック | Log analysis system |
US9916187B2 (en) * | 2014-10-27 | 2018-03-13 | Oracle International Corporation | Graph database system that dynamically compiles and executes custom graph analytic programs written in high-level, imperative programming language |
US9940472B2 (en) * | 2015-01-08 | 2018-04-10 | International Business Machines Corporation | Edge access control in querying facts stored in graph databases |
US10230742B2 (en) * | 2015-01-30 | 2019-03-12 | Anomali Incorporated | Space and time efficient threat detection |
US10614126B2 (en) | 2015-05-21 | 2020-04-07 | Oracle International Corporation | Textual query editor for graph databases that performs semantic analysis using extracted information |
US9407652B1 (en) * | 2015-06-26 | 2016-08-02 | Palantir Technologies Inc. | Network anomaly detection |
US9946719B2 (en) * | 2015-07-27 | 2018-04-17 | Sas Institute Inc. | Distributed data set encryption and decryption |
US9537880B1 (en) * | 2015-08-19 | 2017-01-03 | Palantir Technologies Inc. | Anomalous network monitoring, user behavior detection and database system |
US9699205B2 (en) * | 2015-08-31 | 2017-07-04 | Splunk Inc. | Network security system |
US10324773B2 (en) * | 2015-09-17 | 2019-06-18 | Salesforce.Com, Inc. | Processing events generated by internet of things (IoT) |
US10044745B1 (en) * | 2015-10-12 | 2018-08-07 | Palantir Technologies, Inc. | Systems for computer network security risk assessment including user compromise analysis associated with a network of devices |
US10630706B2 (en) * | 2015-10-21 | 2020-04-21 | Vmware, Inc. | Modeling behavior in a network |
US10248910B2 (en) | 2015-10-28 | 2019-04-02 | Fractal Industries, Inc. | Detection mitigation and remediation of cyberattacks employing an advanced cyber-decision platform |
US10331495B2 (en) * | 2016-02-05 | 2019-06-25 | Sas Institute Inc. | Generation of directed acyclic graphs from task routines |
US10015182B1 (en) * | 2016-06-30 | 2018-07-03 | Symantec Corporation | Systems and methods for protecting computing resources |
US10476896B2 (en) | 2016-09-13 | 2019-11-12 | Accenture Global Solutions Limited | Malicious threat detection through time series graph analysis |
-
2017
- 2017-08-30 EP EP17188522.1A patent/EP3291120B1/en active Active
- 2017-09-01 AU AU2017221858A patent/AU2017221858B2/en active Active
- 2017-09-04 JP JP2017169630A patent/JP6585131B2/ja active Active
- 2017-09-06 US US15/697,080 patent/US10530796B2/en active Active
-
2019
- 2019-12-23 US US16/724,655 patent/US11212306B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
JP2018049602A (ja) | 2018-03-29 |
US20180069885A1 (en) | 2018-03-08 |
AU2017221858A1 (en) | 2018-03-22 |
US20200145441A1 (en) | 2020-05-07 |
US10530796B2 (en) | 2020-01-07 |
AU2017221858B2 (en) | 2018-10-11 |
EP3291120B1 (en) | 2021-04-21 |
EP3291120A1 (en) | 2018-03-07 |
US11212306B2 (en) | 2021-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6585131B2 (ja) | Graph database analysis for network anomaly detection systems | |
JP6599946B2 (ja) | Malicious threat detection through time series graph analysis | |
EP3195560B1 (en) | Lateral movement detection | |
US10121000B1 (en) | System and method to detect premium attacks on electronic networks and electronic devices | |
US11122063B2 (en) | Malicious domain scoping recommendation system | |
CN109074454B (zh) | Automatic grouping of malware based on artifacts | |
JP2018530066A (ja) | Detection of security incidents from low-confidence security events | |
US20210360032A1 (en) | Cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance | |
EP3921750B1 (en) | Dynamic cybersecurity peer identification using groups | |
US11647037B2 (en) | Penetration tests of systems under test | |
JP2012527691A (ja) | Systems and methods for application-level security | |
CN107360198B (zh) | Suspicious domain name detection method and system | |
Chen et al. | Efficient suspicious URL filtering based on reputation | |
WO2018213061A2 (en) | Timely causality analysis in homegeneous enterprise hosts | |
Lukova-Chuiko et al. | Threat Hunting as a Method of Protection Against Cyber Threats. | |
US20210112082A1 (en) | Computer security system for ingesting and analyzing network traffic | |
US10367835B1 (en) | Methods and apparatus for detecting suspicious network activity by new devices | |
WO2023163820A1 (en) | Graph-based analysis of security incidents | |
CN114900375A (zh) | Malicious threat detection method based on AI graph analysis | |
Yüksel et al. | Towards useful anomaly detection for back office networks | |
US10491615B2 (en) | User classification by local to global sequence alignment techniques for anomaly-based intrusion detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20170904 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A821 Effective date: 20171228 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20180718 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20181002 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20181227 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20190228 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20190329 Free format text: JAPANESE INTERMEDIATE CODE: A821 Effective date: 20190329 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A821 Effective date: 20190401 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20190827 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20190904 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 6585131 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |