The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: May 14, 2019
Filed: Oct. 05, 2017
NEC Laboratories America, Inc., Princeton, NJ (US);
LuAn Tang, Pennington, NJ (US);
Hengtong Zhang, Princeton, NJ (US);
Zhengzhang Chen, Princeton Junction, NJ (US);
Bo Zong, Plainsboro, NJ (US);
Zhichun Li, Princeton, NJ (US);
Guofei Jiang, Princeton, NJ (US);
Kenji Yoshihira, Princeton Junction, NJ (US);
NEC Corporation, Tokyo, JP;
Abstract
Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated based on the monitored system data that characterizes the tendency of processes to access system targets. Kill chains are generated that connect malicious events over a span of time from the event correlation graph that characterize events in an attack path over time by sorting events according to a maliciousness value and determining at least one sub-graph within the event correlation graph with an above-threshold maliciousness rank. A security management action is performed based on the kill chains.