SG11201907140UA - Multi-signal analysis for compromised scope identification - Google Patents
Multi-signal analysis for compromised scope identification
- Publication number
- SG11201907140UA
- Authority
- SG
- Singapore
- Prior art keywords
- microsoft
- llc
- international
- redmond
- washington
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N7/00—Computing arrangements based on specific mathematical models
- G06N7/01—Probabilistic graphical models, e.g. probabilistic networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/121—Timestamp
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Mathematical Physics (AREA)
- Evolutionary Computation (AREA)
- Data Mining & Analysis (AREA)
- Artificial Intelligence (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Medical Informatics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Computational Mathematics (AREA)
- Probability & Statistics with Applications (AREA)
- Algebra (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- Pure & Applied Mathematics (AREA)
- Debugging And Monitoring (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Measurement Of Resistance Or Impedance (AREA)
- Medical Treatment And Welfare Office Work (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Measurement Of Current Or Voltage (AREA)
- Time-Division Multiplex Systems (AREA)
- Storage Device Security (AREA)
Abstract
(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
(19) World Intellectual Property Organization, International Bureau
(43) International Publication Date: 16 August 2018 (16.08.2018)
(10) International Publication Number: WO 2018/148657 A1
(51) International Patent Classification: G06F 21/55 (2013.01), H04L 29/06 (2006.01)
(21) International Application Number: PCT/US2018/017817
(22) International Filing Date: 12 February 2018 (12.02.2018)
(25) Filing Language: English
(26) Publication Language: English
(30) Priority Data: 15/431,391, 13 February 2017 (13.02.2017), US
(71) Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC [US/US]; One Microsoft Way, Redmond, Washington 98052-6399 (US).
(72) Inventors: LUO, Pengcheng; BRIGGS, Reeves Hoppe; SADOVSKY, Art; AHMAD, Naveed; each of MICROSOFT TECHNOLOGY LICENSING, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US).
(74) Agent: MINHAS, Sandip S. et al.; MICROSOFT TECHNOLOGY LICENSING, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US).
(81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
(84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG).
Declarations under Rule 4.17: as to applicant's entitlement to apply for and be granted a patent (Rule 4.17(ii)); as to the applicant's entitlement to claim the priority of the earlier application (Rule 4.17(iii)).
Published: with international search report (Art. 21(3)).
(54) Title: MULTI-SIGNAL ANALYSIS FOR COMPROMISED SCOPE IDENTIFICATION
FIG. 1 (figure not reproduced): labelled elements are Online Service 110, Event Detector 120, Signature Anomaly Scorer 130, Signal Aggregates Cache, Detection Results Cache 150, Multi Signal Detector 160, Multi-Signal Results Cache 170 and Alert Generator 180; reference numerals 100 and 190 also appear.
(57) Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/431,391 US10491616B2 (en) | 2017-02-13 | 2017-02-13 | Multi-signal analysis for compromised scope identification |
PCT/US2018/017817 WO2018148657A1 (en) | 2017-02-13 | 2018-02-12 | Multi-signal analysis for compromised scope identification |
Publications (1)
Publication Number | Publication Date |
---|---|
SG11201907140UA (en) | 2019-09-27 |
Family
ID=61386917
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG11201907140UA SG11201907140UA (en) | 2017-02-13 | 2018-02-12 | Multi-signal analysis for compromised scope identification |
Country Status (18)
Country | Link |
---|---|
US (2) | US10491616B2 (en) |
EP (1) | EP3552138B1 (en) |
JP (1) | JP7108365B2 (en) |
KR (1) | KR102433425B1 (en) |
CN (1) | CN110366727B (en) |
AU (1) | AU2018219369B2 (en) |
BR (1) | BR112019014366A2 (en) |
CA (1) | CA3050321A1 (en) |
CL (1) | CL2019002189A1 (en) |
CO (1) | CO2019008341A2 (en) |
IL (1) | IL268231B (en) |
MX (1) | MX2019009505A (en) |
NZ (1) | NZ755115A (en) |
PH (1) | PH12019550134A1 (en) |
RU (1) | RU2768562C2 (en) |
SG (1) | SG11201907140UA (en) |
WO (1) | WO2018148657A1 (en) |
ZA (1) | ZA201904963B (en) |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10943069B1 (en) | 2017-02-17 | 2021-03-09 | Narrative Science Inc. | Applied artificial intelligence technology for narrative generation based on a conditional outcome framework |
US10755053B1 (en) | 2017-02-17 | 2020-08-25 | Narrative Science Inc. | Applied artificial intelligence technology for story outline formation using composable communication goals to support natural language generation (NLG) |
US20190038934A1 (en) * | 2017-08-03 | 2019-02-07 | International Business Machines Corporation | Cognitive advisory system of structured assessments through iot sensors |
US11232270B1 (en) * | 2018-06-28 | 2022-01-25 | Narrative Science Inc. | Applied artificial intelligence technology for using natural language processing to train a natural language generation system with respect to numeric style features |
US11012421B2 (en) | 2018-08-28 | 2021-05-18 | Box, Inc. | Predicting user-file interactions |
KR102049829B1 (en) * | 2018-12-05 | 2019-11-28 | 주식회사 뷰노 | Method for classifying subject according to criticality thereof by assessing the criticality and apparatus using the same |
US11487873B2 (en) * | 2019-01-22 | 2022-11-01 | EMC IP Holding Company LLC | Risk score generation utilizing monitored behavior and predicted impact of compromise |
WO2020223247A1 (en) * | 2019-04-29 | 2020-11-05 | Jpmorgan Chase Bank, N.A. | Systems and methods for data-driven infrastructure controls |
US11799890B2 (en) * | 2019-10-01 | 2023-10-24 | Box, Inc. | Detecting anomalous downloads |
US11449548B2 (en) | 2019-11-27 | 2022-09-20 | Elasticsearch B.V. | Systems and methods for enriching documents for indexing |
US11768945B2 (en) * | 2020-04-07 | 2023-09-26 | Allstate Insurance Company | Machine learning system for determining a security vulnerability in computer software |
US12041094B2 (en) | 2020-05-01 | 2024-07-16 | Amazon Technologies, Inc. | Threat sensor deployment and management |
US12058148B2 (en) * | 2020-05-01 | 2024-08-06 | Amazon Technologies, Inc. | Distributed threat sensor analysis and correlation |
US11704185B2 (en) * | 2020-07-14 | 2023-07-18 | Microsoft Technology Licensing, Llc | Machine learning-based techniques for providing focus to problematic compute resources represented via a dependency graph |
CN112700060B (en) * | 2021-01-08 | 2023-06-13 | 佳源科技股份有限公司 | Station terminal load prediction method and prediction device |
US11902330B1 (en) * | 2021-06-16 | 2024-02-13 | Juniper Networks, Inc. | Generating a network security policy based on a user identity associated with malicious behavior |
JPWO2022269786A1 (en) * | 2021-06-23 | 2022-12-29 | ||
US20230099241A1 (en) * | 2021-09-27 | 2023-03-30 | Bank Of America Corporation | Systems and methods for identifying malicious events using deviations in user activity for enhanced network and data security |
Family Cites Families (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ATE374493T1 (en) * | 2002-03-29 | 2007-10-15 | Global Dataguard Inc | ADAPTIVE BEHAVIORAL INTRUSION DETECTION |
US7784099B2 (en) * | 2005-02-18 | 2010-08-24 | Pace University | System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning |
US8122122B1 (en) * | 2005-11-08 | 2012-02-21 | Raytheon Oakley Systems, Inc. | Event monitoring and collection |
US8490194B2 (en) * | 2006-01-31 | 2013-07-16 | Robert Moskovitch | Method and system for detecting malicious behavioral patterns in a computer, using machine learning |
US7739082B2 (en) * | 2006-06-08 | 2010-06-15 | Battelle Memorial Institute | System and method for anomaly detection |
US7908660B2 (en) * | 2007-02-06 | 2011-03-15 | Microsoft Corporation | Dynamic risk management |
US20080295172A1 (en) * | 2007-05-22 | 2008-11-27 | Khushboo Bohacek | Method, system and computer-readable media for reducing undesired intrusion alarms in electronic communications systems and networks |
JP5046836B2 (en) | 2007-10-02 | 2012-10-10 | Kddi株式会社 | Fraud detection device, program, and recording medium |
US8321938B2 (en) | 2009-02-12 | 2012-11-27 | Raytheon Bbn Technologies Corp. | Multi-tiered scalable network monitoring |
CN101547129B (en) * | 2009-05-05 | 2011-05-04 | 中国科学院计算技术研究所 | Method and system for detecting distributed denial of service attack |
US20100293103A1 (en) | 2009-05-12 | 2010-11-18 | Microsoft Corporation | Interaction model to migrate states and data |
US8793151B2 (en) * | 2009-08-28 | 2014-07-29 | Src, Inc. | System and method for organizational risk analysis and reporting by mapping detected risk patterns onto a risk ontology |
US8712596B2 (en) * | 2010-05-20 | 2014-04-29 | Accenture Global Services Limited | Malicious attack detection and analysis |
CN104820804A (en) * | 2010-12-30 | 2015-08-05 | 艾新顿公司 | Online privacy management |
CN103797468A (en) * | 2011-09-21 | 2014-05-14 | 惠普发展公司,有限责任合伙企业 | Automated detection of a system anomaly |
US9529777B2 (en) * | 2011-10-28 | 2016-12-27 | Electronic Arts Inc. | User behavior analyzer |
US9117076B2 (en) * | 2012-03-14 | 2015-08-25 | Wintermute, Llc | System and method for detecting potential threats by monitoring user and system behavior associated with computer and network activity |
US9832211B2 (en) | 2012-03-19 | 2017-11-28 | Qualcomm, Incorporated | Computing device to detect malware |
MY196507A (en) * | 2013-03-15 | 2023-04-18 | Socure Inc | Risk Assessment Using Social Networking Data |
US9558347B2 (en) * | 2013-08-27 | 2017-01-31 | Globalfoundries Inc. | Detecting anomalous user behavior using generative models of user actions |
US9338187B1 (en) * | 2013-11-12 | 2016-05-10 | Emc Corporation | Modeling user working time using authentication events within an enterprise network |
US20150235152A1 (en) | 2014-02-18 | 2015-08-20 | Palo Alto Research Center Incorporated | System and method for modeling behavior change and consistency to detect malicious insiders |
CN103853841A (en) * | 2014-03-19 | 2014-06-11 | 北京邮电大学 | Method for analyzing abnormal behavior of user in social networking site |
US9565203B2 (en) * | 2014-11-13 | 2017-02-07 | Cyber-Ark Software Ltd. | Systems and methods for detection of anomalous network behavior |
US9690933B1 (en) * | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US9654485B1 (en) * | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US20160308725A1 (en) | 2015-04-16 | 2016-10-20 | Nec Laboratories America, Inc. | Integrated Community And Role Discovery In Enterprise Networks |
US10681060B2 (en) * | 2015-05-05 | 2020-06-09 | Balabit S.A. | Computer-implemented method for determining computer system security threats, security operations center system and computer program product |
US9699205B2 (en) * | 2015-08-31 | 2017-07-04 | Splunk Inc. | Network security system |
US9888024B2 (en) * | 2015-09-30 | 2018-02-06 | Symantec Corporation | Detection of security incidents with low confidence security events |
MA44828A (en) | 2016-02-16 | 2018-12-26 | Morpho Bv | PROCESS, SYSTEM, DEVICE, AND COMPUTER PRODUCT-PROGRAM, INTENDED FOR REMOTE AUTHORIZATION OF A USER OF DIGITAL SERVICES |
US10372910B2 (en) * | 2016-06-20 | 2019-08-06 | Jask Labs Inc. | Method for predicting and characterizing cyber attacks |
2017
- 2017-02-13: US, application US15/431,391, publication US10491616B2 (en), status: active (Active)
2018
- 2018-02-12: JP, application JP2019543201A, publication JP7108365B2 (en), status: active (Active)
- 2018-02-12: AU, application AU2018219369A, publication AU2018219369B2 (en), status: active (Active)
- 2018-02-12: CN, application CN201880011573.0A, publication CN110366727B (en), status: active (Active)
- 2018-02-12: SG, application SG11201907140UA, publication SG11201907140UA (en), status: unknown
- 2018-02-12: CA, application CA3050321A, publication CA3050321A1 (en), status: active (Pending)
- 2018-02-12: BR, application BR112019014366-1A, publication BR112019014366A2 (en), status: unknown
- 2018-02-12: WO, application PCT/US2018/017817, publication WO2018148657A1 (en), status: unknown
- 2018-02-12: KR, application KR1020197023658A, publication KR102433425B1 (en), status: active (IP Right Grant)
- 2018-02-12: MX, application MX2019009505A, publication MX2019009505A (en), status: unknown
- 2018-02-12: RU, application RU2019127797A, publication RU2768562C2 (en), status: active
- 2018-02-12: EP, application EP18707813.4A, publication EP3552138B1 (en), status: active (Active)
- 2018-02-12: NZ, application NZ755115A, publication NZ755115A (en), status: unknown
2019
- 2019-07-22: PH, application PH12019550134A, publication PH12019550134A1 (en), status: unknown
- 2019-07-23: IL, application IL268231A, publication IL268231B (en), status: unknown
- 2019-07-29: ZA, application ZA2019/04963A, publication ZA201904963B (en), status: unknown
- 2019-07-30: CO, application CONC2019/0008341A, publication CO2019008341A2 (en), status: unknown
- 2019-08-02: CL, application CL2019002189A, publication CL2019002189A1 (en), status: unknown
- 2019-11-21: US, application US16/690,982, publication US11233810B2 (en), status: active (Active)
Also Published As
Publication number | Publication date |
---|---|
KR102433425B1 (en) | 2022-08-17 |
PH12019550134A1 (en) | 2020-06-01 |
JP7108365B2 (en) | 2022-07-28 |
KR20190117526A (en) | 2019-10-16 |
CA3050321A1 (en) | 2018-08-16 |
CN110366727A (en) | 2019-10-22 |
US20180234442A1 (en) | 2018-08-16 |
US11233810B2 (en) | 2022-01-25 |
ZA201904963B (en) | 2020-11-25 |
WO2018148657A1 (en) | 2018-08-16 |
AU2018219369B2 (en) | 2022-01-06 |
US20200092318A1 (en) | 2020-03-19 |
IL268231A (en) | 2019-09-26 |
BR112019014366A2 (en) | 2020-02-27 |
AU2018219369A1 (en) | 2019-07-25 |
EP3552138A1 (en) | 2019-10-16 |
JP2020509478A (en) | 2020-03-26 |
CL2019002189A1 (en) | 2019-12-27 |
CN110366727B (en) | 2023-09-19 |
EP3552138B1 (en) | 2023-07-12 |
RU2019127797A3 (en) | 2021-07-05 |
RU2768562C2 (en) | 2022-03-24 |
US10491616B2 (en) | 2019-11-26 |
IL268231B (en) | 2022-05-01 |
MX2019009505A (en) | 2019-10-02 |
NZ755115A (en) | 2023-06-30 |
RU2019127797A (en) | 2021-03-15 |
CO2019008341A2 (en) | 2019-08-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
SG11201907140UA (en) | Multi-signal analysis for compromised scope identification | |
SG11201906575QA (en) | Continuous learning for intrusion detection | |
SG11201811343SA (en) | System and methods for detecting online fraud | |
SG11201903190PA (en) | A light detection and ranging (lidar) device having multiple receivers | |
SG11201809913PA (en) | Methods for detecting target nucleic acids in a sample | |
SG11201902981RA (en) | Iot provisioning service | |
SG11201909410VA (en) | Machine learned decision guidance for alerts originating from monitoring systems | |
SG11201804190YA (en) | Method and system for blockchain variant using digital signatures | |
SG11201907605YA (en) | Light detection systems and methods for using thereof | |
SG11201806723PA (en) | Security system | |
SG11201810922VA (en) | Methods and systems for detecting environmental information of a vehicle | |
SG11201907592XA (en) | Methods and systems using networked phased-array antennae applications to detect and/or monitor moving objects | |
SG11201908288XA (en) | Configurable annotations for privacy-sensitive user content | |
SG11201903715XA (en) | High sensitivity repeater defect detection | |
SG11201908489XA (en) | De novo synthesized combinatorial nucleic acid libraries | |
SG11201900509YA (en) | Simultaneous capturing of overlay signals from multiple targets | |
SG11201806595UA (en) | Using cell-free dna fragment size to determine copy number variations | |
SG11201807002TA (en) | Intention signaling for an autonomous vehicle | |
SG11201710238QA (en) | Autonomic incident triage prioritization by performance modifier and temporal decay parameters | |
SG11201811426UA (en) | Distributed electronic record and transaction history | |
SG11201805176RA (en) | A method and an apparatus for monitoring and controlling deposit formation | |
SG11201805906WA (en) | Diagnostic and prognostic methods for cardiovascular diseases and events | |
SG11201909685RA (en) | Methods and apparatus for characterising the environment of a user platform | |
SG11201902667UA (en) | Methods and systems for chromatography data analysis | |
SG11202000444PA (en) | Sequencing output determination and analysis with target-associated molecules in quantification associated with biological targets |