System and method for determining a threat based on correlation of indicators of compromise from other sources
Abstract
According to one embodiment, an electronic device features processing circuitry and memory that includes a first logic and a second logic. When executed by the processing circuitry, the first logic organizes (i) a first plurality of indicators of compromise (IOCs) received from a first source, where the first plurality of IOCs is caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source that is different from the first source, where the origin of the one or more IOCs is unknown. The second logic conducts a predictive analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs, and determines a threat level. The threat level signifies a degree of confidence that the IOCs received from the second source are caused by the known origin of the first plurality of IOCs.
Claims (34 in total)
1. An electronic device, comprising: a communication interface; processing circuitry; and a memory coupled to the processing circuitry, the memory includes a first logic that, when executed by the processing circuitry, organizes (i) a first plurality of indicators of compromise (IOCs) received from a first source via the communication interface, where each of the first plurality of IOCs is caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source via the communication interface, the second source being different from the first source, where an origin of the one or more IOCs is unknown, and a second logic that, when executed by the processing circuitry, (i) conducts an analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs, and (ii) determines a threat level signifying a degree of confidence that the one or more IOCs received from the second source are caused by the known origin of the first plurality of IOCs. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 20, 21, 22, 23, 24, 25, 32 and 33.

11. A method for detecting a malicious attack, comprising: organizing, by a first logic executed by processing circuitry, both (i) a first plurality of indicators of compromise (IOCs) received from a first source, the first plurality of IOCs being caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source that is different from the first source, where an origin of the one or more IOCs is unknown; conducting, by a second logic executed by the processing circuitry, an analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs; and determining a threat level by the second logic executed by the processing circuitry, the threat level signifying a degree of confidence that the one or more IOCs received from the second source are caused by the known origin of the first plurality of IOCs. Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 26, 27, 28, 29, 30, 31 and 34.
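The two logics of claim 1, shown as an added Python example that is not code from the patent or its assignee: the first logic groups IOCs by attributed origin (the second source's IOCs carry no origin), the second logic computes a weighted overlap between the unknown-origin IOCs and each known origin's set and maps it to a threat level. The per-type weights, the thresholds and the sample IOCs are assumptions made for this illustration.

```python
# Weights are an assumption for this example: a shared file hash is far more
# specific to one origin than a shared IP address.
IOC_WEIGHTS = {"sha256": 1.0, "mutex": 0.8, "domain": 0.7, "ip": 0.4}

def organize(records):
    """First logic: group IOCs by attributed origin; origin None = second source."""
    by_origin = {}
    for origin, kind, value in records:
        by_origin.setdefault(origin, set()).add((kind, value.strip().lower()))
    return by_origin

def correlation(unknown, known):
    """Second logic (i): weighted share of unknown-origin IOCs found in a known set."""
    if not unknown:
        return 0.0
    total = sum(IOC_WEIGHTS.get(ioc[0], 0.2) for ioc in unknown)
    matched = sum(IOC_WEIGHTS.get(ioc[0], 0.2) for ioc in unknown if ioc in known)
    return matched / total

def threat_level(score):
    """Second logic (ii): confidence label; thresholds are an assumption."""
    if score >= 0.75:
        return "high"
    if score >= 0.4:
        return "medium"
    return "low" if score > 0 else "none"

def assess(records):
    """Score the second source's IOCs against every known origin from the first source."""
    by_origin = organize(records)
    unknown = by_origin.pop(None, set())
    result = {}
    for origin, known in by_origin.items():
        score = round(correlation(unknown, known), 2)
        result[origin] = (score, threat_level(score))
    return result

# Constructed sample (reserved TEST-NET addresses and .test domains); the
# hash from the second source differs only in case and still matches.
SAMPLE_RECORDS = [
    ("APT-Example", "sha256", "deadbeef" * 8),
    ("APT-Example", "domain", "update.example-bad.test"),
    ("APT-Example", "ip", "203.0.113.9"),
    ("Crimeware-X", "ip", "198.51.100.7"),
    ("Crimeware-X", "domain", "cdn.example-evil.test"),
    (None, "sha256", "DEADBEEF" * 8),  # second source: origin unknown
    (None, "ip", "203.0.113.9"),
    (None, "ip", "198.51.100.7"),
    (None, "domain", "unrelated.test"),
]
```

Running `assess(SAMPLE_RECORDS)` rates APT-Example as medium (0.56) because the shared hash dominates, and Crimeware-X as low (0.16) on a single shared IP.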