WO2011149773A3 - Security threat detection associated with security events and an actor category model - Google Patents


Info

Publication number
WO2011149773A3
Authority
WO
WIPO (PCT)
Prior art keywords
security
category model
threat detection
actor
actor category
Prior art date
Application number
PCT/US2011/037318
Other languages
French (fr)
Other versions
WO2011149773A2 (en)
Inventor
Anurag Singla
Original Assignee
Hewlett-Packard Development Company, L.P.
Priority date
Filing date
Publication date
Application filed by Hewlett-Packard Development Company, L.P.
Priority to US13/699,030 (US9069954B2)
Priority to EP11787160.8A (EP2577545A4)
Priority to CN2011800259241A (CN102906756A)
Publication of WO2011149773A2
Publication of WO2011149773A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Alarm Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

Security events associated with network devices and an actor category model are stored (501, 503). The actor category model includes levels arranged in a hierarchy and each level is associated with a subcategory for a category of the model. Security events are correlated with the actor category model (505), and a determination of whether a security threat exists is performed based on the correlating (506).
PCT/US2011/037318 2010-05-25 2011-05-20 Security threat detection associated with security events and an actor category model WO2011149773A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US13/699,030 US9069954B2 (en) 2010-05-25 2011-05-20 Security threat detection associated with security events and an actor category model
EP11787160.8A EP2577545A4 (en) 2010-05-25 2011-05-20 Security threat detection associated with security events and an actor category model
CN2011800259241A CN102906756A (en) 2010-05-25 2011-05-20 Security threat detection associated with security events and actor category model

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US84818710P 2010-05-25 2010-05-25
US61/848,187 2010-05-25

Publications (2)

Publication Number Publication Date
WO2011149773A2 (en) 2011-12-01
WO2011149773A3 (en) 2012-02-23

Family

ID=45004682

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/037318 WO2011149773A2 (en) 2010-05-25 2011-05-20 Security threat detection associated with security events and an actor category model

Country Status (2)

Country Link
CN (1) CN102906756A (en)
WO (1) WO2011149773A2 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014120181A1 (en) * 2013-01-31 2014-08-07 Hewlett-Packard Development Company, L.P. Targeted security alerts
KR101836016B1 (en) * 2013-11-06 2018-03-07 맥아피, 엘엘씨 Context-aware network forensics
US11657109B2 (en) * 2013-11-28 2023-05-23 Patrick Faulwetter Platform device for providing quantitative collective knowledge
DE112014005455A5 (en) * 2013-11-28 2016-08-11 Patrick Faulwetter Platform device for providing qualitative swarm knowledge
CN105205394B (en) * 2014-06-12 2019-01-08 腾讯科技(深圳)有限公司 Data detection method and device for intrusion detection
US10382454B2 (en) * 2014-09-26 2019-08-13 Mcafee, Llc Data mining algorithms adopted for trusted execution environment
US9473531B2 (en) 2014-11-17 2016-10-18 International Business Machines Corporation Endpoint traffic profiling for early detection of malware spread
CN105739408A (en) * 2016-01-30 2016-07-06 山东大学 Business monitoring method used for power scheduling system and business monitoring system
EP3588206B1 (en) 2018-06-21 2024-01-10 Siemens Aktiengesellschaft A safe guard detection for unexpected operations in a mes system
CN111126729A (en) * 2018-10-30 2020-05-08 千寻位置网络有限公司 Intelligent safety event closed-loop disposal system and method thereof
EP3767913B1 (en) * 2019-07-17 2023-08-02 AO Kaspersky Lab Systems and methods for correlating events to detect an information security incident

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020163926A1 (en) * 2001-05-03 2002-11-07 Moharram Omayma E. Method and apparatus for security management in a networked environment
US20030122667A1 (en) * 2001-12-31 2003-07-03 Flynn Samuel W. System and method for enhancing security at a self-checkout station
US20050222820A1 (en) * 2003-02-26 2005-10-06 Intexact Technologies Limited Security system and a method of operating
KR20080030130A (en) * 2006-09-29 2008-04-04 주식회사 케이티 System for managing risk of customer on-demand and method thereof

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6158010A (en) * 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US7114183B1 (en) * 2002-08-28 2006-09-26 Mcafee, Inc. Network adaptive baseline monitoring system and method
US9824107B2 (en) * 2006-10-25 2017-11-21 Entit Software Llc Tracking changing state data to assist in computer network security
US20080307525A1 (en) * 2007-06-05 2008-12-11 Computer Associates Think, Inc. System and method for evaluating security events in the context of an organizational structure
CN101599963B (en) * 2009-06-10 2012-07-04 电子科技大学 Suspected network threat information screener and screening and processing method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2577545A4 *

Also Published As

Publication number Publication date
WO2011149773A2 (en) 2011-12-01
CN102906756A (en) 2013-01-30

Similar Documents

Publication Publication Date Title
WO2011149773A3 (en) Security threat detection associated with security events and an actor category model
USD786305S1 (en) Computer screen with icon
GB201100039D0 (en) Server, user device and malware detection method thereof
WO2013040496A3 (en) System and method for real-time customized threat protection
WO2014007947A3 (en) Creating social group events
TW200642361A (en) Equipment management system
WO2013077987A3 (en) Management of privacy settings for a user device
WO2012068017A3 (en) Fuel cell system with grid independent operation and dc microgrid capability
WO2008021104A3 (en) Systems and methods for measuring user affinity in a social network environment
WO2014004810A3 (en) Inbox management
WO2008125918A3 (en) Systems and methods for policy-based service management
WO2013172898A3 (en) System for detecting, analyzing, and controlling infiltration of computer and network systems
WO2011019526A3 (en) Separating reputation of users in different roles
WO2011094036A3 (en) Social network search
WO2013164821A3 (en) Detection and prevention for malicious threats
WO2009140049A3 (en) System and methods for metering and analyzing energy consumption of events within a portable device
WO2013081976A3 (en) Remote mobile device management
WO2013009992A3 (en) Network-assisted peer discovery with network coding
WO2014043287A3 (en) Methods and systems for estimating recoverable utility revenue
WO2011140407A3 (en) Time-key hopping
WO2011153040A3 (en) Aggregating mobile device battery life data
WO2012086957A3 (en) Method and apparatus for providing touch interface
MX2013010682A (en) Utility management analysis through social network data.
WO2011091021A3 (en) Verification mechanism
GB2492290A (en) Security systems and methods

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase (Ref document number: 201180025924.1; Country of ref document: CN)
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 11787160; Country of ref document: EP; Kind code of ref document: A2)
WWE Wipo information: entry into national phase (Ref document number: 2011787160; Country of ref document: EP)
WWE Wipo information: entry into national phase (Ref document number: 13699030; Country of ref document: US)
NENP Non-entry into the national phase (Ref country code: DE)