-
Publication (Announcement) No.: CA3137249A1
Publication (Announcement) Date: 2020-10-22
Application No.: CA3137249
Application Date: 2020-03-23
Applicant: IBM
Inventor: UDUPI RAGHAVENDRA ARJUN , SEUL MATTHIAS , SCHEIDELER TIM , AIROLDI TIZIANO
IPC: G06F21/55
Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns is provided. The method comprises receiving a sequence of security events, determining a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain, thereby identifying a specific cyber-attack chain, and determining a type and an attribute in the pattern of the first partial cyber-attack. The method further comprises configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats.
-
Publication (Announcement) No.: DE112020002552T5
Publication (Announcement) Date: 2022-02-24
Application No.: DE112020002552
Application Date: 2020-04-28
Applicant: IBM
Inventor: SCHEIDELER TIM , UDUPI RAGHAVENDRA ARJUN , REEDMAN IVAN , SEUL MATTHIAS
Abstract: A method for processing security events by applying a rule-based alarm scheme may be provided. The method comprises generating a rule index of rules and an indicator-of-compromise index for each of the rules. The method also comprises processing the incoming security event by applying the rules, incrementing a current rule counter relating to a triggered rule, and incrementing a current indicator-of-compromise counter relating to the triggered rule. Furthermore, the method comprises generating a pseudo security event from received data about known attacks and associated indicators of compromise, processing the pseudo security events by sequentially applying the rules, incrementing a current rule counter for pseudo security events and incrementing a current indicator-of-compromise counter for pseudo security events, and sorting the rules as well as sorting, within each rule, the indicator-of-compromise values in the indicator-of-compromise index.
-
Publication (Announcement) No.: IL286611D0
Publication (Announcement) Date: 2021-10-31
Application No.: IL28661121
Application Date: 2021-09-22
Applicant: IBM , UDUPI RAGHAVENDRA ARJUN , SEUL MATTHIAS , SCHEIDELER TIM , AIROLDI TIZIANO
Inventor: UDUPI RAGHAVENDRA ARJUN , SEUL MATTHIAS , SCHEIDELER TIM , AIROLDI TIZIANO
Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain, thereby identifying a specific cyber-attack chain, and determining a type and an attribute in the pattern of the first partial cyber-attack. The method further comprises configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.
-
Publication (Announcement) No.: SG11202109795WA
Publication (Announcement) Date: 2021-10-28
Application No.: SG11202109795W
Application Date: 2020-03-23
Applicant: IBM
Inventor: UDUPI RAGHAVENDRA ARJUN , SEUL MATTHIAS , SCHEIDELER TIM , AIROLDI TIZIANO
Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain, thereby identifying a specific cyber-attack chain, and determining a type and an attribute in the pattern of the first partial cyber-attack. The method further comprises configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.