SECURITY THREAT DETECTION ASSOCIATED WITH SECURITY EVENTS AND AN ACTOR CATEGORY MODEL
Abstract
Security events associated with network devices and an actor category model are stored (501, 503). The actor category model includes levels arranged in a hierarchy and each level is associated with a subcategory for a category of the model. Security events are correlated with the actor category model (505), and a determination of whether a security threat exists is performed based on the correlating (506).
15 Claims
1. A method of determining a security threat comprising:
- storing security events (501) associated with network devices;
- storing an actor category model (503) including a plurality of levels arranged in a hierarchy and each level is associated with a subcategory for a category of the model;
- correlating security events (505) with the actor category model; and
- determining, by a computer system, whether the security threat exists (506) based on the correlating.
11. A threat detection system (110) comprising:
- a data storage (111) to store security events associated with network devices, and an actor category model including a plurality of levels arranged in a hierarchy and each level is associated with a subcategory for a category of the model; and
- a processor (602) to correlate security events with the actor category model, and to determine whether a security threat exists based on the correlating.
14. A non-transitory computer readable medium (604) storing machine readable instructions that when executed by a computer system (600) performs a method comprising:
- storing security events (501) associated with network devices;
- storing an actor category model (503) including a plurality of levels arranged in a hierarchy and each level is associated with a subcategory for a category of the model;
- correlating security events (505) with the actor category model; and
- determining, by a computer system, whether the security threat exists (506) based on the correlating.
Specification