Gathering indicators of compromise for security threat detection

An indicator and security technology, applied in the transmission system, electrical components, etc., can solve the problems of stealing sensitive data, destroying computer operations, etc., and achieve the effects of reducing damage, effective identification, and robust threat detection

Active Publication Date: 2019-11-29
CHRONICLE LLC

AI Technical Summary

Problems solved by technology

Malware attacks can disrupt computer operation and/or steal sensitive data.

Embodiment Construction

[0020] In general, this disclosure describes systems, methods, devices, and other techniques for collecting indicators of compromise ("IOCs") and using the IOCs to identify computing systems that have been compromised, e.g., by malware or hacking. The system can enable users such as researchers, incident responders, information technology professionals, and others to upload and share IOCs that can be used to identify compromised computing systems. An IOC may specify one or more characteristics of a computer security threat. For example, a user may reverse engineer a new botnet and generate an IOC specifying characteristics of the new botnet.

[0021] The system can evaluate the performance of IOCs and filter out low performing IOCs or block providers of low performing IOCs. Thus, the system enables rapid assessment of multiple different IOCs. Furthermore, the most effective IOCs relative to other IOCs emerge based on their performance. This aids the technical field of securit...

Abstract

The subject matter of this specification generally relates to computer security. In some implementations, a method includes receiving indicators of compromise from multiple security data providers. Each indicator of compromise can include data specifying one or more characteristics of one or more computer security threats. Each indicator of compromise can be configured to, when processed by a computer, cause the computer to detect the presence of the specified one or more characteristics of the one or more computer security threats. Telemetry data for computing systems of users can be received. The telemetry data can include data describing at least one event detected at the computing system. A determination is made that the telemetry data for a given user includes the one or more characteristics specified by a given indicator of compromise.
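
The matching step in the abstract can be sketched as follows. This is an added example, not code from the patent or from Chronicle. The IOC layout, field names, provider names and sample telemetry are constructed assumptions, as is the rule that an IOC matches only when all of its characteristics appear in one user's telemetry.

```python
from collections import defaultdict

# Constructed sample data; field names and values are assumptions for illustration.
# Each IOC names its provider and the (field, value) characteristics it specifies.
IOCS = [
    {"id": "ioc-botnet-1", "provider": "provider-a",
     "characteristics": {("dns_query", "c2.example.test"),
                         ("file_name", "updater.tmp")}},
    {"id": "ioc-dropper-7", "provider": "provider-b",
     "characteristics": {("registry_key", r"HKCU\Software\ExampleRun")}},
]

# Constructed telemetry: one record per event detected at a user's computing system.
TELEMETRY = [
    {"user": "alice", "event": {"dns_query": "c2.example.test"}},
    {"user": "alice", "event": {"file_name": "updater.tmp", "pid": "4312"}},
    {"user": "bob", "event": {"dns_query": "c2.example.test"}},
    {"user": "carol", "event": {"registry_key": r"HKCU\Software\ExampleRun"}},
]

def observed_by_user(telemetry):
    """Collect every (field, value) pair seen across each user's events."""
    seen = defaultdict(set)
    for record in telemetry:
        seen[record["user"]].update(record["event"].items())
    return seen

def match_iocs(iocs, telemetry):
    """Return {user: [(ioc_id, provider), ...]} for IOCs whose characteristics
    are all present in that user's telemetry."""
    matches = {}
    for user, seen in observed_by_user(telemetry).items():
        hits = [(ioc["id"], ioc["provider"]) for ioc in iocs
                # An IOC with no characteristics would match everything; skip it.
                if ioc["characteristics"] and ioc["characteristics"] <= seen]
        if hits:
            matches[user] = sorted(hits)
    return matches

if __name__ == "__main__":
    for user, hits in match_iocs(IOCS, TELEMETRY).items():
        print(user, hits)
```

Here bob's telemetry contains only one of the two characteristics of `ioc-botnet-1`, so it is not reported as a match.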

Description

Technical field

[0001] This disclosure relates generally to computer and network security.

Background technique

[0002] Computer and data communication networks are frequently subject to intrusion attacks. Intrusion attacks can take many forms such as worms, viruses, phishing, spyware, etc. Typically, all such attacks are facilitated by some form of malware. Such software is often referred to as malware. Malware attacks can disrupt a computer's operation and/or steal sensitive data. To protect computers from such attacks, network administrators may install security systems, such as antivirus software and/or firewalls, that detect malware and prevent or mitigate the effects of malware attacks.

Contents of the invention

[0003] This specification describes systems, methods, devices, and other techniques for collecting indicators of compromise and using the indicators of compromise to detect the presence of security threats in telemetry data for computer systems. [00...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/20, H04L63/1416
Inventor: C.S.纳钦伯格, M.拉莫思-布拉萨德, S.纳吉布扎德
Owner: CHRONICLE LLC