The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jan. 04, 2022
Filed:
Jun. 05, 2018
Imperva, Inc., Redwood Shores, CA (US);
Gilad Yehudai, Herzeliya, IL;
Itsik Mantin, Shoham, IL;
Lior Fisch, Givatayim, IL;
Shelly Hershkovitz, Sunnyvale, CA (US);
Amichai Shulman, Tel Aviv, IL;
Moran Rachel Ambar, Ra'anana, IL;
IMPERVA, INC., San Mateo, CA (US);
Abstract
A method of processing malicious events in a network infrastructure determines features of malicious events detected by a firewall of an attack analyzer. Example features may indicate an origin of an attack, a target of the attack, or a type of a malicious event. The attack analyzer determines distances, e.g., using a non-Euclidean distance function, between features of a given malicious event and features of statistical distribution objects (SDOs). The SDOs describe clusters of previously detected malicious events. The attack analyzer may select one of the SDOs that has features similar to those of the given malicious event. The attack analyzer can update the SDOs by including an alert of the given malicious event with an existing cluster or generating a new cluster including the alert. The attack analyzer may transmit information describing the clusters of the SDOs to a management console.