JP7436501B2 - Inferring temporal relationships for cybersecurity events - Google Patents

Inferring temporal relationships for cybersecurity events

Info

Publication number
JP7436501B2
Authority
JP
Japan
Prior art keywords
time
security
description
violation
data
Prior art date
Legal status
Active
Application number
JP2021558564A
Other languages
English (en)
Japanese (ja)
Other versions
JP2022527511A5
JPWO2020208448A5
JP2022527511A (ja)
Inventor
Ravindra, Preeti
Park, Youngja
Kirat, Dhilung
Jang, Jiyong
Stoecklin, Marc Philippe
Current Assignee
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date
Filing date
Publication date
Application filed by International Business Machines Corp
Publication of JP2022527511A (patent/JP2022527511A/ja)
Publication of JP2022527511A5 (patent/JP2022527511A5/ja)
Publication of JPWO2020208448A5 (patent/JPWO2020208448A5/ja)
Application granted
Publication of JP7436501B2 (patent/JP7436501B2/ja)
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/30 Semantic analysis
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2477 Temporal data queries
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33 Querying
    • G06F16/335 Filtering based on additional data, e.g. user or group profiles
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/279 Recognition of textual entities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G06F16/258 Data format conversion from or to a database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121 Timestamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • General Health & Medical Sciences (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Software Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
JP2021558564A 2019-04-06 2020-03-23 Inferring temporal relationships for cybersecurity events Active JP7436501B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/377,164 US11082434B2 (en) 2019-04-06 2019-04-06 Inferring temporal relationships for cybersecurity events
US16/377,164 2019-04-06
PCT/IB2020/052686 WO2020208448A1 (en) 2019-04-06 2020-03-23 Inferring temporal relationships for cybersecurity events

Publications (4)

Publication Number Publication Date
JP2022527511A (ja) 2022-06-02
JP2022527511A5 2022-08-15
JPWO2020208448A5 2022-08-15
JP7436501B2 (ja) 2024-02-21

Family

ID=72662552

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2021558564A Active JP7436501B2 (ja) 2019-04-06 2020-03-23 Inferring temporal relationships for cybersecurity events

Country Status (5)

Country Link
US (1) US11082434B2
JP (1) JP7436501B2
CN (1) CN113647078B
GB (1) GB2598493B
WO (1) WO2020208448A1

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12475019B2 (en) * 2018-06-14 2025-11-18 Ntt, Inc. System state estimation apparatus, system state estimation method and program
US11580127B1 (en) 2018-12-21 2023-02-14 Wells Fargo Bank, N.A. User interfaces for database visualizations
US11126711B2 (en) * 2019-04-09 2021-09-21 Jpmorgan Chase Bank, N.A. System and method for implementing a log source value tool for security information event management
US11934948B1 (en) * 2019-07-16 2024-03-19 The Government Of The United States As Represented By The Director, National Security Agency Adaptive deception system
US20220276945A1 (en) * 2019-07-29 2022-09-01 Nec Corporation Estimation apparatus, estimation method, and non-transitory computer readable medium
US11526625B2 (en) * 2019-10-28 2022-12-13 Bank Of America Corporation Systems for sanitizing production data for use in testing and development environments
CN112887119B (zh) * 2019-11-30 2022-09-16 Huawei Technologies Co., Ltd. Fault root cause determination method and apparatus, and computer storage medium
KR102452123B1 (ko) * 2020-12-23 2022-10-12 Electronics and Telecommunications Research Institute Apparatus for building unstructured cyber threat information big data, and method for building cyber threat information big data and analyzing its correlations
CN112910842B (zh) * 2021-01-14 2021-10-01 The 15th Research Institute of China Electronics Technology Group Corporation Network attack event forensics method and apparatus based on traffic reconstruction
US11416609B1 (en) * 2021-02-25 2022-08-16 Expel, Inc. Systems and methods for cyber security threat detection and expedited generation of investigation storyboards using intelligent cyber security automations
US11924250B2 (en) * 2021-04-21 2024-03-05 Microsoft Technology Licensing, Llc Automated contextual understanding of unstructured security documents
CN113032794A (zh) * 2021-04-23 2021-06-25 Eversec (Beijing) Technology Co., Ltd. Method, apparatus, device and storage medium for constructing a security vulnerability knowledge graph
US12014375B2 (en) * 2021-07-02 2024-06-18 Target Brands, Inc. Generating security event case files from disparate unstructured data
US12321428B2 (en) * 2021-07-08 2025-06-03 Nippon Telegraph And Telephone Corporation User authentication device, user authentication method, and user authentication computer program
US12045270B2 (en) 2021-07-23 2024-07-23 International Business Machines Corporation Retrieving documents according to temporal similarity
CN113904838A (zh) * 2021-09-30 2022-01-07 Beijing Topsec Network Security Technology Co., Ltd. Sensor data detection method, apparatus, electronic device and storage medium
CN113869031B (zh) * 2021-10-15 2025-12-23 Hangzhou NetEase Zhiqi Technology Co., Ltd. Deadline acquisition method, medium, apparatus and computing device
US11782784B2 (en) 2021-10-25 2023-10-10 Capital One Services, Llc Remediation action system
US12081562B2 (en) * 2021-10-25 2024-09-03 Capital One Services, Llc Predictive remediation action system
CN114039765A (zh) * 2021-11-04 2022-02-11 Global Energy Interconnection Research Institute Co., Ltd. Security management and control method, apparatus and electronic device for a power distribution Internet of Things
US12072918B1 (en) 2021-12-28 2024-08-27 Wells Fargo Bank, N.A. Machine learning using knowledge graphs
US11768837B1 (en) 2021-12-28 2023-09-26 Wells Fargo Bank, N.A. Semantic entity search using vector space
US11880379B1 (en) 2022-04-28 2024-01-23 Wells Fargo Bank, N.A. Identity resolution in knowledge graph databases
CN117251278A (zh) * 2022-06-10 2023-12-19 Dell Products L.P. Data processing method, electronic device and computer program product
CN115994175B (zh) * 2022-12-19 2026-03-17 Beijing Baidu Netcom Science and Technology Co., Ltd. Information mining method, apparatus and electronic device for online discourse
US20240214425A1 (en) * 2022-12-27 2024-06-27 Cisco Technology, Inc. Using an end-to-end policy controller to automatically discover and inventory enforcement points in a network
US20240220724A1 (en) * 2023-01-04 2024-07-04 Astrata, Inc. Temporal Model
US12381900B2 (en) 2023-01-06 2025-08-05 International Business Machines Corporation Building a time dimension based on a time data model and creating an association relationship between the time dimension and a second data model for analyzing data in the time dimension
US12596878B1 (en) * 2023-02-14 2026-04-07 Anson An-Chun Tsao System for inferring saliency in a multivariate time series derived from periodic conversation with fine-tuned large language model
WO2024215328A1 (en) * 2023-04-14 2024-10-17 Pricewaterhousecoopers Llp Method and apparatus to extract client data with context using enterprise knowledge graph framework
CN116523039B (zh) * 2023-04-26 2024-02-09 Huayuan Computing Technology (Shanghai) Co., Ltd. Method and apparatus for generating a continuous casting knowledge graph, storage medium, and terminal
US12580938B2 (en) 2023-11-20 2026-03-17 International Business Machines Corporation Conditional hypothesis generation for enterprise process trees
US12244637B1 (en) * 2024-02-09 2025-03-04 Netskope, Inc. Machine learning powered cloud sandbox for malware detection
US12596802B2 (en) * 2024-03-29 2026-04-07 Dell Products L.P. Malware detection techniques
US12572651B2 (en) 2024-05-07 2026-03-10 Netskope, Inc. Classifier for identifying suspicious PDF files to limit deep-scanning
US20260003955A1 (en) * 2024-07-01 2026-01-01 Samsung Electronics Co., Ltd. Privacy-aware mobile security threat detection and logging
US12596804B1 (en) 2024-10-04 2026-04-07 Netskope, Inc. Machine learning powered cloud sandbox for malware detection in portable document format (PDF) files
CN119397115B (zh) * 2024-11-05 2025-09-30 Baidu Online Network Technology (Beijing) Co., Ltd. Event description generation method, database generation method, apparatus, and electronic device
CN120950618B (zh) * 2025-10-14 2025-12-26 Siwei Shijing Technology (Beijing) Co., Ltd. Open-source information collection and integration system and method based on geographic grid coding

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018195197A (ja) 2017-05-19 2018-12-06 Fujitsu Limited Evaluation program, evaluation method, and information processing device

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8595176B2 (en) 2009-12-16 2013-11-26 The Boeing Company System and method for network security event modeling and prediction
US8856936B2 (en) 2011-10-14 2014-10-07 Albeado Inc. Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security
US9392010B2 (en) 2011-11-07 2016-07-12 Netflow Logic Corporation Streaming method and system for processing network metadata
US9256664B2 (en) * 2014-07-03 2016-02-09 Palantir Technologies Inc. System and method for news events detection and visualization
US9716721B2 (en) * 2014-08-29 2017-07-25 Accenture Global Services Limited Unstructured security threat information analysis
US9699205B2 (en) 2015-08-31 2017-07-04 Splunk Inc. Network security system
JP6838560B2 (ja) * 2015-12-14 2021-03-03 NEC Corporation Information analysis system, information analysis method, and program
US9992209B1 (en) * 2016-04-22 2018-06-05 Awake Security, Inc. System and method for characterizing security entities in a computing environment
US20180159876A1 (en) * 2016-12-05 2018-06-07 International Business Machines Corporation Consolidating structured and unstructured security and threat intelligence with knowledge graphs
US10462169B2 (en) * 2017-04-29 2019-10-29 Splunk Inc. Lateral movement detection through graph-based candidate selection
US11132541B2 (en) * 2017-09-29 2021-09-28 The Mitre Corporation Systems and method for generating event timelines using human language technology
CN108399194A (zh) * 2018-01-29 2018-08-14 Institute of Information Engineering, Chinese Academy of Sciences Network threat intelligence generation method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Shota Fujii and 3 others, A method for structuring security intelligence using named entity recognition that accounts for unknown words, Proceedings of CSS2018 (Computer Security Symposium 2018), Japan, Information Processing Society of Japan, 15 October 2018, Vol. 2018, No. 2, pp. 85-92

Also Published As

Publication number Publication date
GB2598493A (en) 2022-03-02
CN113647078A (zh) 2021-11-12
WO2020208448A1 (en) 2020-10-15
GB2598493B (en) 2022-07-20
CN113647078B (zh) 2022-10-04
US20200322361A1 (en) 2020-10-08
GB202114777D0 (en) 2021-12-01
US11082434B2 (en) 2021-08-03
JP2022527511A (ja) 2022-06-02

Similar Documents

Publication Publication Date Title
JP7436501B2 (ja) Inferring temporal relationships for cybersecurity events
US20230319090A1 (en) Consolidating structured and unstructured security and threat intelligence with knowledge graphs
US20240129331A1 (en) Threat Disposition Analysis and Modeling Using Supervised Machine Learning
US10681061B2 (en) Feedback-based prioritized cognitive analysis
US10958672B2 (en) Cognitive offense analysis using contextual data and knowledge graphs
US11194905B2 (en) Affectedness scoring engine for cyber threat intelligence services
US11089040B2 (en) Cognitive analysis of security data with signal flow-based graph exploration
CN112131882B (zh) Method and apparatus for constructing a multi-source heterogeneous network security knowledge graph
US10686830B2 (en) Corroborating threat assertions by consolidating security and threat intelligence with kinetics data
Mittal et al. Cyber-all-intel: An ai for security related threat intelligence
US10313365B2 (en) Cognitive offense analysis using enriched graphs
US20250030704A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
US20250028823A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
Schatz et al. Rich event representation for computer forensics
US20250028818A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
Huang et al. Building cybersecurity ontology for understanding and reasoning adversary tactics and techniques
Alharbi et al. Enhancing cybersecurity through autonomous knowledge graph construction by integrating heterogeneous data sources
Salem et al. Enabling New Technologies for Cyber Security Defense with the ICAS Cyber Security Ontology.
Tabiban et al. Vincidecoder: automatically interpreting provenance graphs into textual forensic reports with application to openstack
Alfasi et al. Unveiling hidden links between unseen security entities
Shenoy Correlation of Vulnerabilities to MITRE ATT&CK Using Natural Language Processing (NLP) Feature-Modeling
Rogushina et al. Ontology-Based Approach to Validation of Learning Outcomes for Information Security Domain.
Ma et al. The advancement of knowledge graphs in cybersecurity: A comprehensive overview
Wang et al. Incremental learning research for webshell detection
Mittal Knowledge for cyber threat intelligence

Legal Events

Date Code Title Description
RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20220512

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20220803

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20220824

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20231017

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20240109

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20240123

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20240208

R150 Certificate of patent or registration of utility model

Ref document number: 7436501

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150