×

LOCAL REPUTATION TO ADJUST SENSITIVITY OF BEHAVIORAL DETECTION SYSTEM

  • US 20130246605A1
  • Filed: 04/27/2011
  • Published: 09/19/2013
  • Est. Priority Date: 04/27/2011
  • Status: Active Grant
First Claim
Patent Images

1. A method performed by a data processing apparatus, the method comprising:

  • monitoring source assets in a network for activities that are indicative of potential security compromises, the network being an internet protocol based network that is logically independent from other internet protocol networks, and each activity that is being monitored being associated with a corresponding activity weight that is indicative of the reliability of the activity being the result of an actual security compromise;

    in response to monitoring an source asset performing an activity indicative of a potential security compromise, instantiating an source asset tracking instance in a computer memory, the source asset tracking instance including data identifying the source asset and the monitored activity;

    for each source asset tracking instance in the computer memory;

    updating the source asset tracking instance with data identifying subsequently monitored activities indicative of a potential security compromise in response to each monitoring of the source asset performing the subsequently monitored activity;

    determining a reputation value for an activity weight of a monitored activity;

    adjusting, only for the source asset, the activity weight of the monitored activity by the reputation value associated with the activity weight;

    determining an asset reputation for the source asset from the activity weights associated with the monitored activities; and

    determining that the source asset is a security risk when the asset reputation exceeds a threshold.

View all claims
  • 10 Assignments
Timeline View
Assignment View
    ×
    ×