The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge also contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).
Patent No.:
Date of Patent:
Dec. 10, 2019
Filed:
Jun. 14, 2017
Applicant:
Microsoft Technology Licensing, LLC, Redmond, WA (US);
Inventors:
Jack Wilson Stokes, III, Northbend, WA (US);
Robert James Mead, Cheltenham, GB;
Tim William Burrell, Cheltenham, GB;
Ian Hellen, Seattle, WA (US);
John Joseph Lambert, Issaquah, WA (US);
Weidong Cui, Redmond, WA (US);
Andrey Marochko, Redmond, WA (US);
Qingyun Liu, Goleta, CA (US);
Assignee:
Microsoft Technology Licensing, LLC, Redmond, WA (US);
Abstract
Graph-based detection systems and techniques are provided to identify potential malicious lateral movement paths. System and security events may be used to generate a network connection graph and detect remote file executions and/or other detections, for use in tracking malicious lateral movement across a computer network, such as a compromised computer network. Lateral movement determination across a computer network may be divided into two subproblems: forensic analysis and general detection. With forensic analysis, given a malicious node, possible lateral movement leading into or out of the node is identified. General detection identifies previously unknown malicious lateral movement on a network using a remote file execution detector, and/or other detectors, and a rare path anomaly detection algorithm.