The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jun. 28, 2016
Filed:
Dec. 31, 2012
Emc Corporation, Hopkinton, MA (US);
Ting-Fang Yen, Cambridge, MA (US);
Ari Juels, Brookline, MA (US);
Aditya Kuppa, Bangalore, IN;
Kaan Onarlioglu, Brookline, MA (US);
Alina Oprea, Arlington, MA (US);
EMC Corporation, Hopkinton, MA (US);
Abstract
A threat detection system for detecting threat activity in a protected computer system includes anomaly sensors of distinct types including user-activity sensors, host-activity sensors and application-activity sensors. Each sensor builds a history of pertinent activity over a training period, and during a subsequent detection period the sensor compares current activity to the history to detect new activity. The new activity is identified in respective sensor output. A set of correlators of distinct types are used that correspond to different stages of threat activity according to modeled threat behavior. Each correlator receives output of one or more different-type sensors and applies logical and/or temporal testing to detect activity patterns of the different stages. The results of the logical and/or temporal testing are used to generate alert outputs for a human or machine user.