The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: Aug. 12, 2014
Filed: Apr. 07, 2010
Robert E. Fitzgerald, Bellevue, WA (US);
Jack W. Stokes, North Bend, WA (US);
Alice X. Zheng, Seattle, WA (US);
Edward W. Hardy, Seattle, WA (US);
Bodicherla Aditya Prakash, Pittsburgh, PA (US);
Robert E. Fitzgerald, Bellevue, WA (US);
Jack W. Stokes, North Bend, WA (US);
Alice X. Zheng, Seattle, WA (US);
Edward W. Hardy, Seattle, WA (US);
Bodicherla Aditya Prakash, Pittsburgh, PA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
An analysis system is described for identifying potentially malicious activity within a computer network. It performs this task by interacting with a user to successively remove known instances of non-malicious activity, to eventually reveal potentially malicious activity. The analysis system interacts with the user by inviting the user to apply labels to identified examples of network behavior; upon response by the user, the analysis system supplies new examples of network behavior to the user. In one implementation, the analysis system generates such examples using a combination of feature-based analysis and graph-based analysis. The graph-based analysis relies on analysis of graph structure associated with access events, such as by identifying entropy scores for respective portions of the graph structure.