Cyber security
First Claim
1. A method for a system to detect a cyber threat and in response to an attack to control abnormal behavior of at least one entity of a computer system, the method arranged to be performed by a processing system, the method comprising:
creating a model of normal behavior of a group of entities that includes the at least one entity; and
configuring the system to apply restrictions to the at least one entity of the group of entities based on the model of normal behavior, wherein the step of applying restrictions to the at least one entity is carried out when a parameter is detected that exceeds a threshold value away from the modeled normal behavior of the at least one entity;
wherein the group of entities is generated by grouping a plurality of entities of the computer system based on data associated with the plurality of entities of the computer system; and
wherein the grouping of the plurality of entities of the computer system to generate the group of entities is performed by spectral partitioning.
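The flow recited in claim 1, as an added illustration (not code from the patent or its assignee): entities are grouped by one spectral bipartition, each group's pooled history serves as the model of normal behavior, and an entity is selected for restriction when its observed parameter is more than a threshold away from that model. The Gaussian similarity kernel, the mean and standard-deviation baseline, the 3-sigma threshold, and all entity names and counts are assumptions constructed for this example.

```python
import math
from statistics import mean, pstdev

# Constructed sample data: hourly outbound connection counts per entity.
HISTORY = {
    "ws-1": [12, 15, 11, 14], "ws-2": [13, 12, 16, 14], "ws-3": [10, 13, 12, 15],
    "srv-1": [210, 190, 205, 198], "srv-2": [220, 201, 195, 207],
    "srv-3": [199, 208, 215, 203],
}
OBSERVED = {"ws-1": 14, "ws-2": 200, "srv-1": 200}  # constructed new readings


def fiedler_partition(W, iters=200):
    """Split graph nodes by the sign of the Fiedler vector of L = D - W."""
    n = len(W)
    deg = [sum(row) for row in W]
    shift = 2 * max(deg)  # upper bound on the eigenvalues of L
    v = [math.sin(i + 1) for i in range(n)]  # deterministic non-constant start
    for _ in range(iters):
        m = sum(v) / n
        v = [x - m for x in v]  # deflate the constant eigenvector (eigenvalue 0)
        # Power iteration on (shift*I - L): converges to the Fiedler vector.
        w = [(shift - deg[i]) * v[i] + sum(W[i][j] * v[j] for j in range(n))
             for i in range(n)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    # The eigenvector's sign is arbitrary; pin the first node to group 0.
    return [int((x < 0) != (v[0] < 0)) for x in v]


def build_groups(history, scale=50.0):
    """Group entities by similarity of their mean behavior (assumed kernel)."""
    names = list(history)
    feat = [mean(history[n]) for n in names]
    W = [[0.0 if i == j else math.exp(-((a - b) / scale) ** 2)
          for j, b in enumerate(feat)] for i, a in enumerate(feat)]
    return dict(zip(names, fiedler_partition(W)))


def entities_to_restrict(history, observed, k=3.0):
    """Return entities whose reading is more than k sigma from their group model."""
    groups = build_groups(history)
    flagged = []
    for name, value in observed.items():
        pooled = [x for n, g in groups.items() if g == groups[name]
                  for x in history[n]]
        mu, sigma = mean(pooled), pstdev(pooled)  # model of normal group behavior
        if abs(value - mu) > k * sigma:
            flagged.append(name)
    return flagged
```

The same reading of 200 is normal for `srv-1` but selects `ws-2` for restriction, because each entity is judged against its own group's model.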
Abstract
Disclosed herein is a method for use in detection of abnormal behavior of a group of a plurality of entities of a computer system. The method is arranged to be performed by a processing system and includes: creating a model of normal behavior of the group of entities; and determining, in accordance with the model of normal behavior of the group of entities, a parameter indicative of abnormal behavior of the group of entities. Also disclosed is an equivalent computer readable medium and anomalous behavior detection system.
13 Claims
13. A system to detect a cyber threat and in response to an attack to control abnormal behavior of at least one entity of a computer system,
a model of normal behavior of a group of entities that includes the at least one entity; and
a restriction module configured to cooperate with the model of normal behavior, where the restriction module is configured to apply restrictions to the at least one entity of the group of entities based on the model of normal behavior, wherein the restriction module is configured to apply restrictions to the at least one entity when a parameter is detected that exceeds a threshold value away from the modeled normal behavior of the at least one entity;
wherein the group of entities is generated by grouping a plurality of entities of the computer system based on data associated with the plurality of entities of the computer system;
wherein the grouping of the plurality of entities of the computer system to generate the group of entities is performed by spectral partitioning; and
wherein any instructions of the restriction module and the model are stored in one or more non-transitory computer readable mediums and are configured to be executed by one or more processors in the system.
Specification