Peer-based abnormal host detection for enterprise security systems

  • US 10,367,842 B2
  • Filed: 02/22/2018
  • Issued: 07/30/2019
  • Est. Priority Date: 04/16/2015
  • Status: Active Grant
First Claim

1. A method for determining a risk level of a host in a network, comprising:

  • modeling a target host's behavior based on historical events, which include network events and process events, recorded at the target host;

  • determining one or more original peer hosts having behavior similar to the target host's behavior, including an iterative clustering process that assigns a set of initial cluster centroids and updates the centroids after assigning hosts to a closest cluster to identify peer hosts in a lateral space;

  • determining an anomaly score for the target host using a processor based on how the target host's behavior changes relative to behavior of the one or more original peer hosts over time; and

  • performing a security management action based on the anomaly score.

  • 5 Assignments