The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Nov. 13, 2018
Filed:
Mar. 29, 2016
Emc Ip Holding Company Llc, Hopkinton, MA (US);
Kineret Raviv, Herzeliya, IL;
Carmit Sahar, Tel-Aviv, IL;
Eyal Kolman, Tel-Aviv, IL;
Shay Amram, Holon, IL;
Alon Kaufman, Bnei-Dror, IL;
EMC IP Holding Company LLC, Hopkinton, MA (US);
Abstract
Methods and apparatus are provided for identifying suspicious domains using common user clustering. An exemplary method comprises obtaining network event data comprising a plurality of network connections; identifying users and domains associated with the network connections in the network event data; creating a connection between each user/domain pair that communicate with one another in the identified users and the identified domains to generate a graph; connecting domains in the graph using inter-domain edges that share common users to obtain a graph of interconnected domains; identifying bi-connected components in the graph of interconnected domains, wherein the bi-connected components comprise node pairs having at least two paths in the graph of interconnected domains between them; and processing the bi-connected components to identify a plurality of suspicious domains that are likely to participate in a computer security attack. The graph of interconnected domains is optionally pruned and/or filtered to remove one or more inter-domain edges.