-
Publication No.: CA3137249A1
Publication date: 2020-10-22
Application No.: CA3137249
Application date: 2020-03-23
Applicant: IBM
Inventor: UDUPI RAGHAVENDRA ARJUN , SEUL MATTHIAS , SCHEIDELER TIM , AIROLDI TIZIANO
IPC: G06F21/55
Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns is provided. The method comprises receiving a sequence of security events, determining a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain, thereby identifying a specific cyber-attack chain, and determining a type and an attribute in the pattern of the first partial cyber-attack. The method further comprises configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats.
-
Publication No.: IL286611D0
Publication date: 2021-10-31
Application No.: IL28661121
Application date: 2021-09-22
Applicant: IBM , UDUPI RAGHAVENDRA ARJUN , SEUL MATTHIAS , SCHEIDELER TIM , AIROLDI TIZIANO
Inventor: UDUPI RAGHAVENDRA ARJUN , SEUL MATTHIAS , SCHEIDELER TIM , AIROLDI TIZIANO
Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain—thereby identifying a specific cyber-attack chain—and determining a type and an attribute in the pattern of the first partial cyber-attack. The method further comprises configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.
-
Publication No.: SG11202109795WA
Publication date: 2021-10-28
Application No.: SG11202109795W
Application date: 2020-03-23
Applicant: IBM
Inventor: UDUPI RAGHAVENDRA ARJUN , SEUL MATTHIAS , SCHEIDELER TIM , AIROLDI TIZIANO
Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain—thereby identifying a specific cyber-attack chain—and determining a type and an attribute in the pattern of the first partial cyber-attack. The method further comprises configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.
-
-