The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge also contains a link to the full patent document (in Adobe Acrobat format, i.e., PDF).

Date of Patent: Sep. 03, 2024

Filed: Feb. 25, 2022

Applicant: Microsoft Technology Licensing, LLC, Redmond, WA (US);

Inventors:

Nisha Shahul Hameed, Seattle, WA (US);

Rishi Dev Jha, Bellevue, WA (US);

Evan John Argyle, Salt Lake City, UT (US);

Assignee:
Attorney:
Primary Examiner:

Int. Cl. CPC: H04L 9/40 (2022.01); H04L 41/14 (2022.01); H04L 41/16 (2022.01);

U.S. Cl. CPC: H04L 63/1425 (2013.01); H04L 41/14 (2013.01); H04L 41/16 (2013.01);

Abstract

In network security systems, graph-based techniques can be used to analyze data collected for a particular security incident, e.g., a command-and-control incident. In example embodiments, data extracted from data records of network activity and/or security alerts is used to generate a multipartite graph in which different entities (e.g., machines, processes, and domains or IP addresses) are represented as different types of nodes and relationships between the entities are represented as edges. The multipartite graph may be clustered, and the clusters may be ranked according to some indicator of maliciousness (e.g., the number of associated security alerts or indicators of compromise (IoCs)). An output generated from the highest-ranking cluster(s) may serve, e.g., to identify new IoCs, or flow into mitigating actions taken in response to the incident.

