The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Sep. 22, 2015
Filed:
Sep. 30, 2013
Symantec Corporation, Mountain View, CA (US);
Kevin Roundy, El Segundo, CA (US);
Fanglu Guo, Los Angeles, CA (US);
Sandeep Bhatkar, Sunnyvale, CA (US);
Tao Cheng, Chengdu, CN;
Jie Fu, Chengdu, CN;
Zhi Kai Li, Zigong, CN;
Darren Shou, La Jolla, CA (US);
Sanjay Sawhney, Cupertino, CA (US);
Acar Tamersoy, Atlanta, GA (US);
Elias Khalil, Culver City, CA (US);
Symantec Corporation, Mountain View, CA (US);
Abstract
A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed.