‌

US Patent 11423143 Anomaly detection based on processes executed within a network

Patent 11423143 was granted and assigned to Exabeam on August, 2022 by the United States Patent and Trademark Office.

Overview Structured Data Issues Contributors

Is a

Patent attributes

Patent Applicant

Current Assignee

Patent Jurisdiction

United States Patent and Trademark Office

Patent Number

Date of Patent

August 23, 2022

Patent Application Number

16228071

Date Filed

December 20, 2018

Patent Citations

US Patent 10095871 System, method, and computer program product for detecting and assessing security risks in a network

US Patent 10445311 Anomaly detection

US Patent 10467631 Ranking and tracking suspicious procurement entities

US Patent 10474828 System, method, and computer program product for detecting and assessing security risks in a network

US Patent 10496815 System, method, and computer program for classifying monitored assets based on user labels and for detecting potential misuse of monitored assets based on the classifications

US Patent 10621343 Generic and static detection of malware installation packages

US Patent 10645109 System, method, and computer program for detection of anomalous user network activity based on multiple data sources

US Patent 10685293 Methods and systems for analyzing cybersecurity threats

...

Patent Citations Received

US Patent 11956253 Ranking cybersecurity alerts from multiple sources using machine learning

31

US Patent 12069073 Cyber threat defense system and method

32

US Patent 11575688 Method of malware characterization and prediction

US Patent 12063226 Graph-based multi-staged attack detection in the context of an attack framework

35

US Patent 11693958 Processing and storing event data in a knowledge graph format for anomaly detection

36

Patent Primary Examiner

CPC Code

A cybersecurity system, method, and computer program is provided for detecting whether an entity's collection of processes during an interval is abnormal compared to the historical collection of processes observed for the entity during previous intervals of the same length. Logs from a training period are used to calculate global and local risk probabilities for each process based on the process's execution history during the training period. Risk probabilities may be computed using a Bayesian framework. For each entity in a network, an entity risk score is calculated by summing the applicable risk probabilities of the unique processes executed by the entity during an interval. An entity's historical risk scores form a score distribution. If an entity's current score is an outlier on the historical score distribution, an alert of potentially malicious behavior is generated with respect to the entity. Additional post-processing may be performed to reduce false positives.

Timeline

No Timeline data yet.

Further Resources

Title

Author

Link

Type

Date

No Further Resources data yet.

References

Find more entities like US Patent 11423143 Anomaly detection based on processes executed within a network

Use the Golden Query Tool to find similar entities by any field in the Knowledge Graph, including industry, location, and more.

Open Query Tool

Golden Query Tool

By using this site, you agree to our Terms of Service.