Method for semi-supervised learning approach to add context to malicious events

  • US 10,148,674 B2
  • Filed: 12/11/2015
  • Issued: 12/04/2018
  • Est. Priority Date: 12/11/2015
  • Status: Active Grant
First Claim

1. A method comprising:

    receiving, at a sequence analyzer, a sequence of events from an information handling system;

    detecting a first event within the sequence of events;

    determining a first state of a Markov model associated with the first event;

    detecting a second event within the sequence of events;

    determining a second state of the Markov model associated with the second event;

    detecting a state transition from the first state to the second state in the Markov model;

    determining a partial match of the sequence of events to a kill sequence of events in response to the state transition from the first state to the second state in the Markov model;

    determining a probability of a traversal within the sequence of events to a missing event of the kill sequence of events;

    providing the sequence of events to a further enrichment stage in response to the probability of the traversal being a high probability;

    logging all events that occurred in the information handling system in between the first event and the second event;

    identifying the first sequence of events as a possible kill sequence in response to determining the partial match; and

    providing the sequence of events to the further enrichment stage, wherein the logged events that occurred between the first and second events are researched by a human analyst during the further enrichment stage.
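
The steps of claim 1, sketched as a small sequence analyzer. This is an added example, not code from the patent or its assignee. The event types, Markov states, transition probabilities and the 0.5 "high probability" threshold are constructed assumptions, and the "missing event" is read here as the most likely kill-sequence state not yet observed after the second state.

```python
# All names, states, probabilities and the threshold below are constructed for illustration.
KILL_SEQUENCE = ["recon", "delivery", "exploit", "c2", "exfil"]
EVENT_TO_STATE = {"port_scan": "recon", "phish_email": "delivery",
                  "macro_exec": "exploit", "beacon": "c2", "bulk_upload": "exfil"}
# P(next state | current state) in the Markov model.
TRANSITIONS = {"recon": {"delivery": 0.6}, "delivery": {"exploit": 0.7},
               "exploit": {"c2": 0.8}, "c2": {"exfil": 0.5}}
HIGH_PROBABILITY = 0.5  # assumed cut-off for "high probability"

def analyze(events, threshold=HIGH_PROBABILITY):
    """Return an enrichment record for the first partial kill-sequence match, or None."""
    first = None  # (index, state) of the most recent event that maps to a model state
    for i, event in enumerate(events):
        state = EVENT_TO_STATE.get(event["type"])
        if state is None:
            continue  # no model state for this event; it can still be logged as context
        if first is not None and state in TRANSITIONS.get(first[1], {}):
            j, prev = first
            # Transition prev -> state exists in the model: partial match to the kill sequence.
            missing = [s for s in KILL_SEQUENCE if s not in (prev, state)]
            # Probability of traversing from the second state to a still-missing state.
            reachable = {s: p for s, p in TRANSITIONS.get(state, {}).items() if s in missing}
            if reachable:
                target, prob = max(reachable.items(), key=lambda kv: kv[1])
                if prob >= threshold:
                    return {"possible_kill_sequence": True,
                            "first_state": prev, "second_state": state,
                            "missing_state": target, "probability": prob,
                            # Every event between the two matched events, for the analyst.
                            "between": events[j + 1:i]}
        first = (i, state)  # slide the window: this event becomes the new first event
    return None

# Constructed sample sequence from one host.
SAMPLE_EVENTS = [
    {"t": 1, "type": "login"}, {"t": 2, "type": "phish_email"},
    {"t": 3, "type": "file_write"}, {"t": 4, "type": "dns_query"},
    {"t": 5, "type": "macro_exec"}, {"t": 6, "type": "logout"},
]

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

The returned record carries the in-between events (`file_write`, `dns_query`) that the claim hands to a human analyst in the enrichment stage.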

  • 13 Assignments