Systems and methods for log and snort synchronized threat detection

  • US 10,462,170 B1
  • Filed: 11/21/2017
  • Issued: 10/29/2019
  • Est. Priority Date: 11/21/2016
  • Status: Active Grant
First Claim

1. A method for automated threat detection in a computer network, the method comprising:

  • temporally correlating time segments parsed from a log stream and tagged time segments from an intrusion detection system stream to identify correlated time segments, the correlating performed by a server computer configured for monitoring network traffic to and from the computer network;

  • extracting features from a correlated time segment identified from the correlating, the extracting performed by the server computer and comprising determining tuples associated with the correlated time segment, each tuple containing a message type, a location, and an out of vocabulary word in the correlated time segment;

  • generating a multidimensional feature vector for the correlated time segment, the multidimensional feature vector containing a select number of the tuples; and

  • providing the multidimensional feature vector for the correlated time segment as input to a machine learning module, the machine learning module implementing a machine learning model and operable to determine, based on the machine learning model, whether the correlated time segment indicates a true incident.
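The four steps of claim 1 form one pipeline: segment both streams by time, keep only segments present in both, turn the log side into (message type, location, out-of-vocabulary word) tuples, truncate to a fixed number of tuples, and hand the resulting vector to a classifier. The following sketch is an added illustration of that pipeline and is not the patent's or the assignee's code. Everything in it is assumed: the syslog-style and Snort-style line formats, the one-minute segment width, the `VOCAB` set that defines which words count as out-of-vocabulary, the choice of program name as "message type" and host as "location", and the fixed weights in `classify`, which stand in for the trained model the claim refers to.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the patent): "<ts> <host> <program>: <message>".
LOG_LINES = [
    "2017-11-21T10:00:05 host1 sshd: Failed password for invalid user admin from 203.0.113.7 port 52214",
    "2017-11-21T10:00:07 host1 sshd: Failed password for invalid user admin from 203.0.113.7 port 52216",
    "2017-11-21T10:00:09 host1 sshd: Accepted publickey for alice from 198.51.100.4 port 40000",
    "2017-11-21T10:05:30 host2 cron: (root) CMD (run-parts /etc/cron.hourly)",
]

# Constructed Snort-style alert lines; a simplified fast-alert layout is assumed.
IDS_LINES = [
    "2017-11-21T10:00:06 [1:2001219:20] ET SCAN Potential SSH Scan [Priority: 2] 203.0.113.7 -> 10.0.0.5",
]

WINDOW = timedelta(minutes=1)  # assumed width of a time segment

# Assumed vocabulary: tokens that belong to routine log templates. Anything else is OOV.
VOCAB = {"failed", "password", "for", "invalid", "user", "from", "port", "accepted",
         "publickey", "cmd", "root", "run-parts"}

LOG_RE = re.compile(r"^(\S+) (\S+) (\w+): (.*)$")
IDS_RE = re.compile(r"^(\S+) \[[\d:]+\] (.+?) \[Priority: (\d)\] (\S+) -> (\S+)$")


def segment_of(ts):
    """Map an ISO timestamp to the start of its fixed-width time segment."""
    dt = datetime.fromisoformat(ts)
    epoch = datetime(dt.year, 1, 1)
    return epoch + ((dt - epoch) // WINDOW) * WINDOW


def parse_logs(lines):
    """Log stream -> {segment_start: [events]}; program is the message type, host the location."""
    segs = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts, host, prog, msg = m.groups()
            segs[segment_of(ts)].append({"type": prog, "location": host, "msg": msg})
    return segs


def parse_ids(lines):
    """IDS stream -> {segment_start: [tagged alerts]}; the signature name is the tag."""
    segs = defaultdict(list)
    for line in lines:
        m = IDS_RE.match(line)
        if m:
            ts, sig, prio, src, dst = m.groups()
            segs[segment_of(ts)].append({"tag": sig, "priority": int(prio), "src": src, "dst": dst})
    return segs


def correlate(log_segs, ids_segs):
    """Temporal correlation: a segment is 'correlated' when both streams have activity in it."""
    return {s: (log_segs[s], ids_segs[s]) for s in log_segs if s in ids_segs}


def oov_words(msg):
    """Yield tokens outside VOCAB; pure numbers (ports, pids) are treated as template variables."""
    for tok in re.findall(r"[A-Za-z0-9./:-]+", msg):
        if not tok.isdigit() and tok.lower() not in VOCAB:
            yield tok


def extract_tuples(log_events):
    """Count (message type, location, OOV word) tuples over a correlated segment."""
    counts = Counter()
    for ev in log_events:
        for word in oov_words(ev["msg"]):
            counts[(ev["type"], ev["location"], word)] += 1
    return counts


def feature_vector(tuple_counts, k=4):
    """Keep the k most frequent tuples and their counts, zero-padded to a fixed length k."""
    top = tuple_counts.most_common(k)
    tuples = [t for t, _ in top]
    vector = [n for _, n in top] + [0] * (k - len(top))
    return tuples, vector


def classify(vector, ids_events):
    """Toy stand-in for the trained model: assumed fixed weights, not learned from data."""
    score = sum(vector) + 2 * sum(1 for e in ids_events if e["priority"] <= 2)
    return score >= 5


def run(log_lines=LOG_LINES, ids_lines=IDS_LINES):
    """Full pipeline; returns one record per correlated segment keyed by segment start."""
    result = {}
    for seg, (logs, ids) in correlate(parse_logs(log_lines), parse_ids(ids_lines)).items():
        tuples, vector = feature_vector(extract_tuples(logs))
        result[seg.isoformat()] = {"tuples": tuples, "vector": vector,
                                   "incident": classify(vector, ids)}
    return result


if __name__ == "__main__":
    for seg, rec in run().items():
        print(seg, rec)
```

On the sample data only the 10:00 segment survives correlation: the cron line at 10:05 has no IDS alert beside it and is dropped before feature extraction, which is the point of correlating first. Two practical caveats the claim leaves to the implementer: the OOV definition is where most of the signal and most of the noise live (here numeric tokens are masked so ports do not flood the top-k, but addresses still count), and ties in `most_common` are broken by insertion order, so the "select number of tuples" is only stable if the log ordering is.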

  • 4 Assignments