Method for detecting a cyber attack

  • US 10,366,229 B2
  • Filed: 06/20/2017
  • Issued: 07/30/2019
  • Est. Priority Date: 06/20/2016
  • Status: Active Grant
First Claim

1. A method for detecting a cyber attack comprising:

  • storing network traffic data of network events occurring on a network over a period of time to a network accounting log;

  • compressing the network accounting log by writing metadata of network events, occurring within the period of time and represented in the network accounting log, to a compressed log file comprising a probabilistic data structure;

  • in response to receipt of a new threat intelligence representing a newly-identified security threat identified after the period of time, querying the compressed log file for a network traffic metadata value representative of a threat element defined in the new threat intelligence;

  • in response to detecting the threat element in the compressed log file, querying the network accounting log for the threat element; and

  • in response to detecting the threat element in the network accounting log, issuing an alert to respond to the newly-identified security threat on the network.
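
The two-stage lookup described in the claim, sketched as an added example that is not taken from the patent. It assumes a Bloom filter as the probabilistic data structure (the claim does not name one); the record fields, filter sizes and all function names are hypothetical.

```python
import hashlib

# Constructed sample records standing in for the network accounting log.
ACCOUNTING_LOG = [
    {"ts": "2017-03-01T10:02:11Z", "src": "10.0.0.5", "dst": "198.51.100.7", "domain": "cdn.example.net"},
    {"ts": "2017-03-01T10:05:42Z", "src": "10.0.0.9", "dst": "203.0.113.44", "domain": "updates.example.org"},
    {"ts": "2017-03-02T08:17:03Z", "src": "10.0.0.5", "dst": "203.0.113.44", "domain": "updates.example.org"},
]

class BloomFilter:
    """Probabilistic set: never a false negative, small false-positive rate."""
    def __init__(self, m_bits=4096, k_hashes=4):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray(m_bits // 8)

    def _positions(self, value):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(value.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, value):
        for p in self._positions(value):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, value):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(value))

def compress(log, fields=("dst", "domain")):
    """Write the chosen metadata values of every event into the compressed log."""
    bf = BloomFilter()
    for event in log:
        for f in fields:
            bf.add(f"{f}={event[f]}")
    return bf

def retro_hunt(compressed, log, field, indicator):
    """Return the events matching one threat element, or [] if none exist."""
    if f"{field}={indicator}" not in compressed:
        return []  # definite miss: the expensive full-log query is skipped
    # Possible hit (could be a false positive): confirm against the full log.
    return [e for e in log if e[field] == indicator]

def alerts_for(compressed, log, intel):
    """intel: (field, indicator) pairs from new threat intelligence."""
    results = {(f, v): retro_hunt(compressed, log, f, v) for f, v in intel}
    return {k: hits for k, hits in results.items() if hits}
```

An alert is raised only for indicators confirmed in the full log, so a Bloom-filter false positive costs one extra full-log query but never produces a false alert.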
