中科微点-全球专利检索

  1. Login
  2. Sign Up

Search Results

2 records (took 0.025 seconds)

    DIFFERENTIAL DEPENDENCY TRACKING FOR ATTACK FORENSICS
    1.
    发明申请
    DIFFERENTIAL DEPENDENCY TRACKING FOR ATTACK FORENSICS 审中-公开
    针对侵权行为的差异性依赖追踪

    公开(公告)号:WO2016057994A1

    公开(公告)日:2016-04-14

    申请号:PCT/US2015/055137

    申请日:2015-10-12

    Applicant: NEC LABORATORIES AMERICA, INC.

    Inventor: LI, Zhichun WU, Zhenyu QIAN, Zhiyun JIANG, Guofei AKHOONDI, Masoud KUSANO, Markus

    IPC: H04L29/06 H04L12/26

    CPC classification number: H04L63/1416 G06F17/30958 H04L63/1425 H04L63/1441 H04L2463/146

    Abstract: Methods and systems for intrusion attack recovery include monitoring (502) two or more hosts in a network to generate audit logs of system events. One or more dependency graphs (DGraphs) is generated (504) based on the audit logs. A relevancy score for each edge of the DGraphs is determined (510). Irrelevant events from the DGraphs are pruned (510) to generate a condensed backtracking graph. An origin is located by backtracking (512) from an attack detection point in the condensed backtracking graph.

    Abstract translation: 入侵攻击恢复的方法和系统包括监视(502)网络中的两个或多个主机以生成系统事件的审核日志。 基于审计日志生成一个或多个依赖关系图(DGraph)(504)。 确定DGraph的每个边缘的相关性得分(510)。 修剪了DGraphs中不相关的事件(510),以生成一个浓缩回溯图。 原点是通过回溯(512)从浓缩回溯图中的攻击检测点定位的。

    DIFFERENTIAL DEPENDENCY TRACKING FOR ATTACK FORENSICS
    2.
    发明公开
    DIFFERENTIAL DEPENDENCY TRACKING FOR ATTACK FORENSICS 审中-公开
    对攻击性事件的差分追踪追踪

    公开(公告)号:EP3205072A1

    公开(公告)日:2017-08-16

    申请号:EP15848332.1

    申请日:2015-10-12

    Applicant: NEC Laboratories America, Inc.

    Inventor: LI, Zhichun WU, Zhenyu QIAN, Zhiyun JIANG, Guofei AKHOONDI, Masoud KUSANO, Markus

    IPC: H04L29/06 H04L12/26

    CPC classification number: H04L63/1416 G06F17/30958 H04L63/1425 H04L63/1441 H04L2463/146

    Abstract: Methods and systems for intrusion attack recovery include monitoring two or more hosts in a network to generate audit logs of system events. One or more dependency graphs (DGraphs) is generated based on the audit logs. A relevancy score for each edge of the DGraphs is determined. Irrelevant events from the DGraphs are pruned to generate a condensed backtracking graph. An origin is located by backtracking from an attack detection point in the condensed backtracking graph.

    Abstract translation: 用于入侵攻击恢复的方法和系统包括监视网络中的两个或更多主机以生成系统事件的审计日志。 根据审计日志生成一个或多个依赖关系图(DGraphs)。 确定DGraphs每个边缘的相关性分数。 DGraphs中的不相关事件被修剪以产生浓缩的回溯图。 通过凝聚回溯图中的攻击检测点回溯来确定原点。

Patent Agency Ranking