SYSTEM AND METHOD FOR DETECTION OF TARGETED ATTACK BASED ON INFORMATION FROM MULTIPLE SOURCES
Abstract
Disclosed are methods, systems, and computer programs for detecting targeted attacks on compromised computer from multiple sources. An example method includes obtaining data from multiple computer systems and devices connected with one another in a communications network to determine a possibility of a targeted attack from a network resource, the data comprising information relating to the network resource and a set of parameters of each computer system or device in accessing the network resource; detecting discrepancies in the obtained data; forming and sending queries to a group of computer systems and devices detecting the possibility of the targeted attack with the set of parameters of the group of computer systems and devices in accessing the network resource; and calculating a probability of the targeted attack from the network resource based at least upon information received from the group of computer systems and devices in response to the queries.
20 Claims
1. A method for detecting targeted attacks from a network resource, comprising:
- obtaining, by a processor of a computing device, data from multiple computer systems and devices connected with one another in a communications network to determine a possibility of a targeted attack from the network resource, the data comprising information relating to the network resource and a set of parameters of each computer system or device in accessing the network resource;
- detecting discrepancies in the obtained data relating to the possibility of the targeted attack from the network resource from the multiple computer systems and devices;
- forming and sending queries, by the processor, to a group of computer systems and devices detecting the possibility of the targeted attack with the set of parameters of the group of computer systems and devices in accessing the network resource; and
- calculating a probability of the targeted attack from the network resource based at least upon information received from the group of computer systems and devices in response to the queries.
8. A system for detecting targeted attacks from a network resource, comprising:
a processor of a computing device configured to:
- obtain data from multiple computer systems and devices connected with one another in a communications network to determine a possibility of a targeted attack from the network resource, the data comprising information relating to the network resource and a set of parameters of each computer system or device in accessing the network resource;
- detect discrepancies in the obtained data relating to the possibility of the targeted attack from the network resource from the multiple computer systems and devices;
- form and send queries to a group of computer systems and devices detecting the possibility of the targeted attack with the set of parameters of the group of computer systems and devices in accessing the network resource; and
- calculate a probability of the targeted attack from the network resource based at least upon information received from the group of computer systems and devices in response to the queries.
15. A non-transitory computer-readable storage medium comprising computer-executable instructions for detecting targeted attacks from a network resource, including instructions for:
- obtaining data from multiple computer systems and devices connected with one another in a communications network to determine a possibility of a targeted attack from the network resource, the data comprising information relating to the network resource and a set of parameters of each computer system or device in accessing the network resource;
- detecting discrepancies in the obtained data relating to the possibility of the targeted attack from the network resource from the multiple computer systems and devices;
- forming and sending queries to a group of computer systems and devices detecting the possibility of the targeted attack with the set of parameters of the group of computer systems and devices in accessing the network resource; and
- calculating a probability of the targeted attack from the network resource based at least upon information received from the group of computer systems and devices in response to the queries.
Specification