
Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views

A filesystem technique, applied in the field of network security, that addresses problems such as intrusion and low computational efficiency in forensic data collection.

Active Publication Date: 2020-01-03
INT BUSINESS MASCH CORP

AI Technical Summary

Problems solved by technology

Existing techniques to extract this information require file access mediation, or system event-level collection and analysis, which are computationally inefficient and invasive.



Embodiment Construction

[0017] Referring now to the attached drawings, and in particular to Figures 1 and 2, exemplary diagrams of data processing environments in which illustrative embodiments of the present disclosure may be implemented are provided. It should be understood that Figures 1 and 2 are merely exemplary and are not intended to state or imply any limitation on the environments in which aspects or embodiments of the disclosed subject matter can be implemented. Many modifications can be made to the depicted environments without departing from the spirit and scope of the disclosed subject matter.

[0018] Referring now to the attached drawings, Figure 1 depicts a graphical representation of an exemplary distributed data processing system in which aspects of the illustrative embodiments may be implemented. The distributed data processing system 100 may include a computer network in which aspects of the illustrative embodiments may be implemented. The distributed data processing system...


Abstract

Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views are provided. A stackable filesystem transparently tracks process file writes for forensic analysis. The filesystem comprises a base filesystem and an overlay filesystem. Processes see the union of the upper and lower filesystems, but process writes are only reflected in the overlay. By providing per-process views of the filesystem using the stackable approach, a forensic analyzer can record a process's file-based activity, i.e., file creation, deletion and modification. These activities are then analyzed to identify indicators of compromise (IoCs). These indicators are then fed into a forensics analysis engine, which quickly decides whether a subject (e.g., a process or a user) is malicious. If so, the system takes some proactive action to alert a proper authority, to quarantine the potential attack, or to provide other remediation. The approach enables forensic analysis without requiring file access mediation or system event-level collection and analysis, making it a lightweight and non-intrusive solution.
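The mechanism the abstract describes, modelled in Python as an added example (this is not the patent's code): each subject gets a private overlay stacked on a shared, read-only base, reads see the union, writes and deletes land only in the overlay (deletes as whiteout markers), and the forensic record is simply the overlay diffed against the base. The two IoC rules in `indicators` (a churn threshold and a "header bytes replaced" check) are constructed for illustration and are not taken from the patent.

```python
from dataclasses import dataclass, field

WHITEOUT = object()  # overlay marker: the path is deleted in this subject's view

@dataclass
class SubjectView:
    """Per-subject union of a shared base filesystem and a private overlay.
    Reads fall through to the base; writes and deletes touch only the overlay."""
    base: dict                                   # path -> bytes, never modified
    overlay: dict = field(default_factory=dict)  # path -> bytes or WHITEOUT

    def read(self, path):
        if path in self.overlay:
            return None if self.overlay[path] is WHITEOUT else self.overlay[path]
        return self.base.get(path)

    def listdir(self):
        return sorted(p for p in set(self.base) | set(self.overlay) if self.read(p) is not None)

    def write(self, path, data):
        self.overlay[path] = data                # copy-on-write; the base stays pristine

    def delete(self, path):
        if path in self.base:
            self.overlay[path] = WHITEOUT        # whiteout hides the base copy
        else:
            self.overlay.pop(path, None)         # file only ever existed in the overlay

def activity(view):
    """Diff overlay against base: the forensic record of one subject's file writes."""
    rec = {"created": [], "modified": [], "deleted": []}
    for path, data in view.overlay.items():
        kind = "deleted" if data is WHITEOUT else "modified" if path in view.base else "created"
        rec[kind].append(path)
    return {k: sorted(v) for k, v in rec.items()}

def indicators(view, churn_threshold=0.5):
    """Constructed IoC rules (assumed here, not the patent's): flag a subject that rewrites
    or removes most base files, or that replaces the header bytes of every file it modifies."""
    rec = activity(view)
    touched = len(rec["modified"]) + len(rec["deleted"])
    iocs = []
    if view.base and touched / len(view.base) > churn_threshold:
        iocs.append(f"mass_rewrite:{touched}/{len(view.base)}")
    if rec["modified"] and all(view.read(p)[:4] != view.base[p][:4] for p in rec["modified"]):
        iocs.append("content_replaced")
    return iocs
```

Because the base is never written, the analyzer can compare any subject's view against it at any time, and a benign editor that keeps a document's header while a file-encrypting process replaces it produce clearly different records.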

Description

Technical field

[0001] The present disclosure generally relates to network security.

Background technique

[0002] In today's digital age, the damage or theft of data can have serious consequences for individuals, governments, enterprises, and cloud environments. With data as the new digital currency, cybercrime has become a huge financial business. Criminals steal millions of credit card numbers and hold data for ransom, causing companies to spend millions of dollars to regain access to their data. Facing the alarming speed and scope of recent attacks, new methods are needed to effectively identify and deter attackers who are trying to steal or destroy their target's "crown jewels".

[0003] Existing methods to prevent data theft are only effective in certain situations. For example, current ransomware protection focuses on preventing malware from running, maintaining backups, or trying to reverse engineer custom encryption schemes. Unfortunately, this passive approach has...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56; H04L29/06
CPC: G06F21/56; H04L63/1433; G06F21/577; G06F21/554; G06F21/552; G06F21/566; G06F2221/2127; G06F16/1734; G06F21/565; G06F21/568; G06F16/18
Inventors: F·阿劳杰奥; A·E·克霍乐博兰内尔; M·P·斯多艾克林; T·P·泰勒
Owner: INT BUSINESS MASCH CORP