
Creating a multi-period security related score based on multiple period scores

IP.com Disclosure Number: IPCOM000247193D
Publication Date: 2016-Aug-15
Document File: 4 page(s) / 84K

Publishing Venue

The IP.com Prior Art Database

Abstract

Many security systems attempt to detect possible security breaches by monitoring system activity and analyzing it for potentially suspicious aspects. There can be various suspicious aspects, each assessed by a separate module, termed here a "scorer", that produces a numeric "score" for the activities. The score should correspond to the risk level or the probability of the corresponding suspicious behavior. The scorers are computed over multiple periods; however, the risk scores are produced only for the behavior observed during a single period. This can be a problem if the attack spans multiple periods.

Summary of our invention: Combine the scores coming from the multiple scorers into a single score as usual (e.g. using max). Then monitor the value of this combined score over multiple periods, focusing on the periods where the combined period score is slightly below the threshold. Create a new "multi-period" score that scores the accumulation of such periods over the "recent" past. This multi-period score can then be combined with the other scores to produce the final score.
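The multi-period score described in the abstract, as an added example that is not code from the disclosure. The threshold, the near-threshold margin, the window length, the linear count-based accumulation and all sample scores are assumptions, since the abstract does not specify them.

```python
from collections import deque

THRESHOLD = 0.8   # alert threshold on the final score (assumed)
MARGIN = 0.15     # "slightly below" = within MARGIN under THRESHOLD (assumed)
WINDOW = 6        # "recent past" = the last WINDOW periods (assumed)
SATURATE = 4      # near-miss periods in the window that yield score 1.0 (assumed)


def combine(scores):
    """Combine the scorer outputs for one period; the abstract suggests max."""
    return max(scores)


class MultiPeriodScorer:
    def __init__(self):
        self.recent = deque(maxlen=WINDOW)  # True where a period was a near miss

    def update(self, scorer_outputs):
        """Feed one period's scorer outputs; return (period, multi, final)."""
        period = combine(scorer_outputs)
        self.recent.append(THRESHOLD - MARGIN <= period < THRESHOLD)
        # Accumulation of near-miss periods still inside the window.
        multi = min(1.0, sum(self.recent) / SATURATE)
        # The multi-period score is combined like any other scorer's output.
        return period, multi, combine([period, multi])


def first_alert(periods):
    """Return the index of the first period whose final score alerts, or None."""
    scorer = MultiPeriodScorer()
    for i, outputs in enumerate(periods):
        _, _, final = scorer.update(outputs)
        if final >= THRESHOLD:
            return i
    return None


# Constructed sample data: three scorers per period, scores in [0, 1].
# In LOW_AND_SLOW no single period reaches THRESHOLD, but four come close.
LOW_AND_SLOW = [[0.2, 0.1, 0.3], [0.7, 0.2, 0.1], [0.3, 0.75, 0.2],
                [0.1, 0.2, 0.1], [0.72, 0.4, 0.3], [0.2, 0.78, 0.1]]
QUIET = [[0.2, 0.1, 0.3], [0.7, 0.2, 0.1], [0.3, 0.2, 0.2],
         [0.1, 0.2, 0.1], [0.3, 0.4, 0.3], [0.2, 0.1, 0.1]]

if __name__ == "__main__":
    print("low-and-slow alert at period:", first_alert(LOW_AND_SLOW))
    print("quiet alert at period:", first_alert(QUIET))
```

Because old periods fall out of the window, an isolated near miss stops contributing after `WINDOW` periods, so occasional borderline activity does not accumulate indefinitely.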

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 100% of the total text.

Patent US 7,310,590 B1

TIME SERIES ANOMALY DETECTION USING MULTIPLE STATISTICAL MODELS


Difference from our invention:


An Intrusion-Detection Model, Dorothy E. Denning


Difference from our invention:


Probabilistic Techniques for Intrusion Detection Based on Computer Audit Data

Nong Ye, Member, IEEE, Xiangyang Li, Qiang Chen, Syed Masum Emran, and Mingming Xu


Difference from our invention:
