The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Dec. 06, 2016
Filed:
Dec. 23, 2013
Emc Corporation, Hopkinton, MA (US);
Ting-Fang Yen, Cambridge, MA (US);
Alina Oprea, Arlington, MA (US);
Kaan Onarlioglu, Brookline, MA (US);
Todd Leetham, Bedford, MA (US);
William Robertson, Boston, MA (US);
Ari Juels, Brookline, MA (US);
Engin Kirda, Brookline, MA (US);
EMC IP Holding Company LLC, Hopkinton, MA (US);
Abstract
Methods, apparatus and articles of manufacture for behavioral detection of suspicious host activities in an enterprise are provided herein. A method includes processing log data derived from one or more data sources associated with an enterprise network over a given period of time, wherein the enterprise network comprises multiple host devices; extracting one or more features from said log data on a per host device basis, wherein said extracting comprises: determining a pattern of behavior associated with the multiple host devices based on said processing; and identifying said features representative of host device behavior based on the determined pattern of behavior; clustering the multiple host devices into one or more groups based on said one or more features; and identifying a behavioral anomaly associated with one of the multiple host devices by comparing said host device to the one or more groups across the multiple host devices.