The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9736173 B1

Date of Patent:

Aug. 15, 2017

Filed:

Oct. 09, 2015

Differential dependency tracking for attack forensics

Applicant:

Nec Laboratories America, Inc., Princeton, NJ (US);

Inventors:

Zhichun Li, Princeton, NJ (US);

Zhenyu Wu, Plainsboro, NJ (US);

Zhiyun Qian, Franklin Park, NJ (US);

Guofei Jiang, Princeton, NJ (US);

Masoud Akhoondi, Princeton, NJ (US);

Markus Kusano, Princeton, NJ (US);

Assignee:

NEC Corporation, Tokyo, JP;

Attorney:

Joseph Kolodka

Primary Examiner:

David Pearson

Int. Cl.

CPC ...

G06F 21/55 (2013.01); H04L 29/06 (2006.01); G06F 17/30 (2006.01);

U.S. Cl.

CPC ...

H04L 63/1416 (2013.01); G06F 17/30958 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01); H04L 2463/146 (2013.01);

Abstract

Methods and systems for intrusion attack recovery include monitoring two or more hosts in a network to generate audit logs of system events. One or more dependency graphs (DGraphs) is generated based on the audit logs. A relevancy score for each edge of the DGraphs is determined. Irrelevant events from the DGraphs are pruned to generate a condensed backtracking graph. An origin is located by backtracking from an attack detection point in the condensed backtracking graph.

Find Patent Forward Citations