Invention Grant
- Patent Title: Detecting zero-day attacks with unknown signatures via mining correlation in behavioral change of entities over time
-
Application No.: US16464779Application Date: 2018-06-28
-
Publication No.: US11159564B2Publication Date: 2021-10-26
- Inventor: Animesh Nandi
- Applicant: Google LLC
- Applicant Address: US CA Mountain View
- Assignee: Google LLC
- Current Assignee: Google LLC
- Current Assignee Address: US CA Mountain View
- Agency: Lerner, David, Littenberg, Krumholz & Mentlik, LLP
- International Application: PCT/US2018/039986 WO 20180628
- International Announcement: WO2020/005250 WO 20200102
- Main IPC: G06F21/00
- IPC: G06F21/00 ; H04L29/06
Abstract:
Zero-day attacks with unknown attack signatures are detected by correlating behavior differences of a plurality of entities. An entity baseline behavior for each entity of the plurality of entities is determined 310, the entity baseline behavior includes multiple variables. An entity behavior difference for each entity is determined at a series of points in time 320. Correlations between the entity behavior differences for the plurality of entities are determined at the series of points in time 330. Based on these correlations, it is determined whether the plurality of entities is exhibiting coordinated behavior differences 340. An attack signature is determined based on the entity behavior differences and the correlations 350. A database of attack signatures is generated 360.
Information query
