SG11201907140UA - Multi-signal analysis for compromised scope identification - Google Patents

Multi-signal analysis for compromised scope identification

Info

Publication number
SG11201907140UA
Authority
SG
Singapore
Prior art keywords
microsoft
llc
international
redmond
washington
Prior art date
Application number
SG11201907140UA
Inventor
Pengcheng Luo
Reeves Hoppe Briggs
Art Sadovsky
Naveed Ahmad
Original Assignee
Microsoft Technology Licensing Llc
Priority date
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC
Publication of SG11201907140UA

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121 Timestamp
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • G06N7/00 Computing arrangements based on specific mathematical models
    • G06N7/01 Probabilistic graphical models, e.g. probabilistic networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Physics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Mathematical Analysis (AREA)
  • Computational Mathematics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Debugging And Monitoring (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Measurement Of Resistance Or Impedance (AREA)
  • Medical Treatment And Welfare Office Work (AREA)
  • Time-Division Multiplex Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Measurement Of Current Or Voltage (AREA)
  • Storage Device Security (AREA)

Abstract

(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
(19) World Intellectual Property Organization, International Bureau
(10) International Publication Number: WO 2018/148657 A1
(43) International Publication Date: 16 August 2018 (16.08.2018)
(51) International Patent Classification: G06F 21/55 (2013.01); H04L 29/06 (2006.01)
(21) International Application Number: PCT/US2018/017817
(22) International Filing Date: 12 February 2018 (12.02.2018)
(25) Filing Language: English
(26) Publication Language: English
(30) Priority Data: 15/431,391, 13 February 2017 (13.02.2017), US
(71) Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC [US/US]; One Microsoft Way, Redmond, Washington 98052-6399 (US).
(72) Inventors: LUO, Pengcheng; BRIGGS, Reeves Hoppe; SADOVSKY, Art; AHMAD, Naveed; each of MICROSOFT TECHNOLOGY LICENSING, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US).
(74) Agent: MINHAS, Sandip S. et al.; MICROSOFT TECHNOLOGY LICENSING, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US).
(81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
(84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG).
Declarations under Rule 4.17: as to the applicant's entitlement to apply for and be granted a patent (Rule 4.17(ii)); as to the applicant's entitlement to claim the priority of the earlier application (Rule 4.17(iii)).
Published: with international search report (Art. 21(3)).
(54) Title: MULTI-SIGNAL ANALYSIS FOR COMPROMISED SCOPE IDENTIFICATION
[FIG. 1, figure residue: Online Service 110, Event Detector 120, Detection Results Cache 150, Multi-Signal Detector 160, Multi-Signal Results Cache 170, Alert Generator 180. A second figure fragment names Signal Aggregates, Cache and Signature Anomaly Scorer 130.]
(57) Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes, are specified, and multiple behaviors over a period of time are analyzed to detect persistent (slow-acting) threats as well as brute-force (fast-acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.
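The pipeline the abstract and FIG. 1 describe, as an added illustration that is not code from the patent: detections are cached per scope (device, account or process), a short window catches fast-acting brute-force bursts, and a long window only fires when several distinct signals co-occur, so a lone signal does not raise an alert. The signal names, window sizes, thresholds and sample detections are assumptions constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass

DAY = 86400
# Constructed sample detections, not data from the patent: (timestamp_s, scope, signal).
# A scope is a device, account or process, as in the abstract.
SAMPLE_SIGNALS = (
    [(3 * DAY, "acct:alice", "impossible_travel")]            # lone signal: no alert
    + [(100, "acct:bob", "new_device"),                        # three different weak
       (2 * DAY, "acct:bob", "mail_rule_created"),             # signals spread over
       (5 * DAY, "acct:bob", "bulk_download")]                 # five days: persistent
    + [(10 * DAY + 12 * i, "host:web-07", "failed_logon")      # 25 hits in ~5 minutes:
       for i in range(25)]                                     # brute force
)

FAST_WINDOW, FAST_THRESHOLD = 600, 20        # assumed: 20 detections in 10 minutes
SLOW_WINDOW, SLOW_DISTINCT = 7 * DAY, 3      # assumed: 3 distinct signals in 7 days

@dataclass(frozen=True)
class Alert:
    scope: str
    kind: str            # "fast" (brute force) or "slow" (persistent)
    signals: tuple       # signal names that contributed to the alert

def cache_detections(signals):
    """Detection Results Cache: per-scope (timestamp, signal) lists, time-ordered."""
    cache = defaultdict(list)
    for ts, scope, name in signals:
        cache[scope].append((ts, name))
    return {scope: sorted(dets) for scope, dets in cache.items()}

def fast_hit(detections):
    """True if some FAST_WINDOW span holds at least FAST_THRESHOLD detections."""
    start = 0
    for end, (ts, _) in enumerate(detections):
        while detections[start][0] < ts - FAST_WINDOW:   # slide the window's left edge
            start += 1
        if end - start + 1 >= FAST_THRESHOLD:
            return True
    return False

def slow_hit(detections):
    """Distinct signals co-occurring in some SLOW_WINDOW span, or an empty set."""
    for ts, _ in detections:
        kinds = {name for t, name in detections if ts - SLOW_WINDOW <= t <= ts}
        if len(kinds) >= SLOW_DISTINCT:
            return kinds
    return set()

def run_pipeline(signals=SAMPLE_SIGNALS):
    """Multi-Signal Detector plus Alert Generator: at most one alert per scope."""
    alerts = []
    for scope, dets in sorted(cache_detections(signals).items()):
        if fast_hit(dets):
            alerts.append(Alert(scope, "fast", tuple(sorted({n for _, n in dets}))))
        elif kinds := slow_hit(dets):
            alerts.append(Alert(scope, "slow", tuple(sorted(kinds))))
    return alerts
```

Running `run_pipeline()` on the sample yields a slow alert for acct:bob and a fast alert for host:web-07, while acct:alice's single impossible_travel signal stays below both thresholds.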

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/431,391 US10491616B2 (en) 2017-02-13 2017-02-13 Multi-signal analysis for compromised scope identification
PCT/US2018/017817 WO2018148657A1 (en) 2017-02-13 2018-02-12 Multi-signal analysis for compromised scope identification

Publications (1)

Publication Number Publication Date
SG11201907140UA true SG11201907140UA (en) 2019-09-27

Family

ID=61386917

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201907140UA SG11201907140UA (en) 2017-02-13 2018-02-12 Multi-signal analysis for compromised scope identification

Country Status (18)

Country Link
US (2) US10491616B2 (en)
EP (1) EP3552138B1 (en)
JP (1) JP7108365B2 (en)
KR (1) KR102433425B1 (en)
CN (1) CN110366727B (en)
AU (1) AU2018219369B2 (en)
BR (1) BR112019014366A2 (en)
CA (1) CA3050321A1 (en)
CL (1) CL2019002189A1 (en)
CO (1) CO2019008341A2 (en)
IL (1) IL268231B (en)
MX (1) MX2019009505A (en)
NZ (1) NZ755115A (en)
PH (1) PH12019550134A1 (en)
RU (1) RU2768562C2 (en)
SG (1) SG11201907140UA (en)
WO (1) WO2018148657A1 (en)
ZA (1) ZA201904963B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10943069B1 (en) 2017-02-17 2021-03-09 Narrative Science Inc. Applied artificial intelligence technology for narrative generation based on a conditional outcome framework
US20190038934A1 (en) * 2017-08-03 2019-02-07 International Business Machines Corporation Cognitive advisory system of structured assessments through iot sensors
US11042713B1 (en) * 2018-06-28 2021-06-22 Narrative Science Inc. Applied artificial intelligence technology for using natural language processing to train a natural language generation system
US11012421B2 (en) 2018-08-28 2021-05-18 Box, Inc. Predicting user-file interactions
US11487873B2 (en) * 2019-01-22 2022-11-01 EMC IP Holding Company LLC Risk score generation utilizing monitored behavior and predicted impact of compromise
EP3963519A1 (en) * 2019-04-29 2022-03-09 JPMorgan Chase Bank, N.A. Systems and methods for data-driven infrastructure controls
US11799890B2 (en) * 2019-10-01 2023-10-24 Box, Inc. Detecting anomalous downloads
US11449548B2 (en) 2019-11-27 2022-09-20 Elasticsearch B.V. Systems and methods for enriching documents for indexing
US11768945B2 (en) * 2020-04-07 2023-09-26 Allstate Insurance Company Machine learning system for determining a security vulnerability in computer software
US20210344690A1 (en) * 2020-05-01 2021-11-04 Amazon Technologies, Inc. Distributed threat sensor analysis and correlation
US11704185B2 (en) * 2020-07-14 2023-07-18 Microsoft Technology Licensing, Llc Machine learning-based techniques for providing focus to problematic compute resources represented via a dependency graph
CN112700060B (en) * 2021-01-08 2023-06-13 佳源科技股份有限公司 Station terminal load prediction method and prediction device
US11902330B1 (en) * 2021-06-16 2024-02-13 Juniper Networks, Inc. Generating a network security policy based on a user identity associated with malicious behavior
JPWO2022269786A1 (en) * 2021-06-23 2022-12-29

Family Cites Families (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ATE374493T1 (en) * 2002-03-29 2007-10-15 Global Dataguard Inc ADAPTIVE BEHAVIORAL INTRUSION DETECTION
US7784099B2 (en) * 2005-02-18 2010-08-24 Pace University System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning
US8122122B1 (en) * 2005-11-08 2012-02-21 Raytheon Oakley Systems, Inc. Event monitoring and collection
US8490194B2 (en) * 2006-01-31 2013-07-16 Robert Moskovitch Method and system for detecting malicious behavioral patterns in a computer, using machine learning
US7739082B2 (en) * 2006-06-08 2010-06-15 Battelle Memorial Institute System and method for anomaly detection
US7908660B2 (en) * 2007-02-06 2011-03-15 Microsoft Corporation Dynamic risk management
US20080295172A1 (en) * 2007-05-22 2008-11-27 Khushboo Bohacek Method, system and computer-readable media for reducing undesired intrusion alarms in electronic communications systems and networks
JP5046836B2 (en) * 2007-10-02 2012-10-10 Kddi株式会社 Fraud detection device, program, and recording medium
US8321938B2 (en) 2009-02-12 2012-11-27 Raytheon Bbn Technologies Corp. Multi-tiered scalable network monitoring
CN101547129B (en) * 2009-05-05 2011-05-04 中国科学院计算技术研究所 Method and system for detecting distributed denial of service attack
US20100293103A1 (en) 2009-05-12 2010-11-18 Microsoft Corporation Interaction model to migrate states and data
US8793151B2 (en) * 2009-08-28 2014-07-29 Src, Inc. System and method for organizational risk analysis and reporting by mapping detected risk patterns onto a risk ontology
US8712596B2 (en) * 2010-05-20 2014-04-29 Accenture Global Services Limited Malicious attack detection and analysis
CN103403685B (en) * 2010-12-30 2015-05-13 艾新顿公司 Online privacy management
EP2758881A4 (en) * 2011-09-21 2015-09-02 Hewlett Packard Development Co Automated detection of a system anomaly
US9529777B2 (en) * 2011-10-28 2016-12-27 Electronic Arts Inc. User behavior analyzer
US9117076B2 (en) * 2012-03-14 2015-08-25 Wintermute, Llc System and method for detecting potential threats by monitoring user and system behavior associated with computer and network activity
US9832211B2 (en) * 2012-03-19 2017-11-28 Qualcomm, Incorporated Computing device to detect malware
US9300676B2 (en) * 2013-03-15 2016-03-29 Socure Inc. Risk assessment using social networking data
US9558347B2 (en) * 2013-08-27 2017-01-31 Globalfoundries Inc. Detecting anomalous user behavior using generative models of user actions
US9338187B1 (en) * 2013-11-12 2016-05-10 Emc Corporation Modeling user working time using authentication events within an enterprise network
US20150235152A1 (en) 2014-02-18 2015-08-20 Palo Alto Research Center Incorporated System and method for modeling behavior change and consistency to detect malicious insiders
CN103853841A (en) * 2014-03-19 2014-06-11 北京邮电大学 Method for analyzing abnormal behavior of user in social networking site
US9565203B2 (en) * 2014-11-13 2017-02-07 Cyber-Ark Software Ltd. Systems and methods for detection of anomalous network behavior
US9690933B1 (en) * 2014-12-22 2017-06-27 Fireeye, Inc. Framework for classifying an object as malicious with machine learning for deploying updated predictive models
US9654485B1 (en) * 2015-04-13 2017-05-16 Fireeye, Inc. Analytics-based security monitoring system and method
US20160308725A1 (en) 2015-04-16 2016-10-20 Nec Laboratories America, Inc. Integrated Community And Role Discovery In Enterprise Networks
US10681060B2 (en) * 2015-05-05 2020-06-09 Balabit S.A. Computer-implemented method for determining computer system security threats, security operations center system and computer program product
US9699205B2 (en) * 2015-08-31 2017-07-04 Splunk Inc. Network security system
US9888024B2 (en) * 2015-09-30 2018-02-06 Symantec Corporation Detection of security incidents with low confidence security events
MA44828A (en) 2016-02-16 2018-12-26 Morpho Bv PROCESS, SYSTEM, DEVICE, AND COMPUTER PRODUCT-PROGRAM, INTENDED FOR REMOTE AUTHORIZATION OF A USER OF DIGITAL SERVICES
US10372910B2 (en) * 2016-06-20 2019-08-06 Jask Labs Inc. Method for predicting and characterizing cyber attacks

Also Published As

Publication number Publication date
US10491616B2 (en) 2019-11-26
KR102433425B1 (en) 2022-08-17
RU2768562C2 (en) 2022-03-24
CN110366727B (en) 2023-09-19
RU2019127797A3 (en) 2021-07-05
JP2020509478A (en) 2020-03-26
US20200092318A1 (en) 2020-03-19
EP3552138A1 (en) 2019-10-16
US11233810B2 (en) 2022-01-25
BR112019014366A2 (en) 2020-02-27
CO2019008341A2 (en) 2019-08-20
WO2018148657A1 (en) 2018-08-16
NZ755115A (en) 2023-06-30
CL2019002189A1 (en) 2019-12-27
IL268231B (en) 2022-05-01
MX2019009505A (en) 2019-10-02
US20180234442A1 (en) 2018-08-16
PH12019550134A1 (en) 2020-06-01
JP7108365B2 (en) 2022-07-28
AU2018219369A1 (en) 2019-07-25
ZA201904963B (en) 2020-11-25
CA3050321A1 (en) 2018-08-16
RU2019127797A (en) 2021-03-15
IL268231A (en) 2019-09-26
AU2018219369B2 (en) 2022-01-06
KR20190117526A (en) 2019-10-16
CN110366727A (en) 2019-10-22
EP3552138B1 (en) 2023-07-12

Similar Documents

Publication Publication Date Title
SG11201907140UA (en) Multi-signal analysis for compromised scope identification
SG11201906575QA (en) Continuous learning for intrusion detection
SG11201811343SA (en) System and methods for detecting online fraud
SG11201903190PA (en) A light detection and ranging (lidar) device having multiple receivers
SG11201809913PA (en) Methods for detecting target nucleic acids in a sample
SG11201902981RA (en) Iot provisioning service
SG11201803667RA (en) Systems and methods for region-adaptive defect detection
SG11201804190YA (en) Method and system for blockchain variant using digital signatures
SG11201806723PA (en) Security system
SG11201907592XA (en) Methods and systems using networked phased-array antennae applications to detect and/or monitor moving objects
SG11201810922VA (en) Methods and systems for detecting environmental information of a vehicle
SG11201909410VA (en) Machine learned decision guidance for alerts originating from monitoring systems
SG11201908288XA (en) Configurable annotations for privacy-sensitive user content
SG11201907605YA (en) Light detection systems and methods for using thereof
SG11201903715XA (en) High sensitivity repeater defect detection
SG11201900509YA (en) Simultaneous capturing of overlay signals from multiple targets
SG11201808494TA (en) Signal light detection
SG11201710238QA (en) Autonomic incident triage prioritization by performance modifier and temporal decay parameters
SG11201807030TA (en) Radar mounting estimation with unstructured data
SG11201805176RA (en) A method and an apparatus for monitoring and controlling deposit formation
SG11201810890RA (en) Situation aware personal assistant
SG11201909685RA (en) Methods and apparatus for characterising the environment of a user platform
SG11202000444PA (en) Sequencing output determination and analysis with target-associated molecules in quantification associated with biological targets
SG11201907764PA (en) Methods for screening infections
SG11201906573XA (en) Pressure sensitive stylus