METHOD AND APPARATUS FOR IDENTIFYING AND DETECTING THREATS TO AN ENTERPRISE OR E-COMMERCE SYSTEM
First Claim
1. A method for identifying and detecting threats to an enterprise or e-commerce system, the method comprising:
grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
extracting one or more features from the grouped log lines into one or more features tables;
using one or more statistical models on the one or more features tables to identify statistical outliers;
labeling, in response to received instructions, the statistical outliers to create one or more labeled features tables; and
using the one or more labeled features tables to create one or more adaptive rules for performing at least one of:
further refining statistical models for identification of statistical outliers; and
preventing access by categorized threats to the enterprise or e-commerce system.
Abstract
Methods and apparatuses for identifying and detecting threats to an enterprise or e-commerce system are disclosed, including grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical models on the one or more features tables to identify statistical outliers; labeling the statistical outliers to create one or more labeled features tables; using the one or more labeled features tables to create one or more rules for identifying threats to the enterprise or e-commerce system; and using the one or more rules on incoming enterprise or e-commerce system data traffic to detect threats to the enterprise or e-commerce system. Other embodiments are described and claimed.
30 Claims
1. A method for identifying and detecting threats to an enterprise or e-commerce system, the method comprising:
grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
extracting one or more features from the grouped log lines into one or more features tables;
using one or more statistical models on the one or more features tables to identify statistical outliers;
labeling, in response to received instructions, the statistical outliers to create one or more labeled features tables; and
using the one or more labeled features tables to create one or more adaptive rules for performing at least one of:
further refining statistical models for identification of statistical outliers; and
preventing access by categorized threats to the enterprise or e-commerce system.
Dependent claims: 2 to 15.
16. An apparatus for identifying and detecting threats to an enterprise or e-commerce system, the apparatus comprising:
one or more processors;
system memory coupled to the one or more processors;
one or more non-transitory memory units coupled to the one or more processors; and
threat identification and detection code stored on the one or more non-transitory memory units that, when executed by the one or more processors, is configured to perform a method comprising:
grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
extracting one or more features from the grouped log lines into one or more features tables;
using one or more statistical models on the one or more features tables to identify statistical outliers;
labeling, in response to received instructions, the statistical outliers to create one or more labeled features tables; and
using the one or more labeled features tables to create one or more adaptive rules for performing at least one of:
further refining statistical models for identification of statistical outliers; and
preventing access by categorized threats to the enterprise or e-commerce system.
Dependent claims: 17 to 30.
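The claims describe a pipeline (group log lines by a parameter, extract features into a table, flag statistical outliers, label them on analyst instruction, derive adaptive rules that either refine the model or deny access) without fixing any particular feature set or statistical model. The following is an added, self-contained illustration of that pipeline and is not code from the patent or its assignee: it groups constructed web-server access lines by client IP, uses three hypothetical features (request count, error ratio, distinct paths) and a per-feature z-score as the statistical model, takes labels from a constructed instruction dictionary, lifts the z threshold past benign-labelled outliers (the "refine the model" branch), and turns threat-labelled outliers into threshold rules applied to constructed incoming traffic (the "prevent access" branch). All IPs, paths, labels and thresholds are made up for the example.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed access-log lines in the form "<client_ip> <method> <path> <status>".
# 10.0.0.7 repeatedly fails /login; 10.0.0.9 is a high-volume but harmless crawler.
SAMPLE_LOG = """\
10.0.0.5 GET /home 200
10.0.0.5 GET /cart 200
10.0.0.5 POST /checkout 200
10.0.0.5 GET /home 200
10.0.0.6 GET /home 200
10.0.0.6 GET /search 200
10.0.0.6 GET /home 200
10.0.0.7 POST /login 401
10.0.0.7 POST /login 401
10.0.0.7 POST /login 401
10.0.0.7 POST /login 401
10.0.0.7 POST /login 200
10.0.0.8 GET /home 200
10.0.0.8 GET /about 200
10.0.0.8 GET /contact 200
""" + "".join(f"10.0.0.9 GET /p{i} 200\n" for i in range(12))

# Constructed analyst instructions: the label each outlier receives on review.
INSTRUCTIONS = {"10.0.0.7": "brute_force", "10.0.0.9": "benign"}

# Constructed incoming traffic to evaluate against the derived rules.
INCOMING_LOG = "\n".join(["10.0.0.11 POST /login 401"] * 5 + ["10.0.0.11 POST /login 200",
                         "10.0.0.12 GET /home 200", "10.0.0.12 GET /cart 200", "10.0.0.12 GET /home 200"])

LINE_RE = re.compile(r"^(\S+) (GET|POST|PUT|DELETE) (\S+) (\d{3})$")

def group_log_lines(text):
    """Group parsed lines by the log line parameter (here: client IP); malformed lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ip, method, path, status = m.groups()
            groups[ip].append((method, path, int(status)))
    return dict(groups)

def extract_features(groups):
    """Features table: one row per group with volume, error ratio and path spread."""
    table = {}
    for ip, reqs in groups.items():
        n = len(reqs)
        errors = sum(1 for _, _, status in reqs if status >= 400)
        table[ip] = {"request_count": float(n), "error_ratio": errors / n,
                     "distinct_paths": float(len({path for _, path, _ in reqs}))}
    return table

def zscore_table(features):
    """Statistical model: z-score of every cell against the population of groups."""
    names = list(next(iter(features.values())))
    stats = {f: (mean(col), pstdev(col)) for f in names
             for col in [[row[f] for row in features.values()]]}
    return {ip: {f: 0.0 if sigma == 0 else (row[f] - mu) / sigma   # constant column -> no signal
                 for f, (mu, sigma) in stats.items()} for ip, row in features.items()}

def find_outliers(zs, thresholds):
    """{ip: {feature: z}} for every feature whose |z| exceeds that feature's threshold."""
    out = {}
    for ip, row in zs.items():
        hits = {f: z for f, z in row.items() if abs(z) > thresholds[f]}
        if hits:
            out[ip] = hits
    return out

def label_outliers(features, outliers, instructions):
    """Labeled features table: outlier rows plus the label received from the analyst."""
    return {ip: {**features[ip], "label": instructions.get(ip, "unreviewed")} for ip in outliers}

def refine_thresholds(thresholds, outliers, labeled):
    """Model refinement: raise a feature's threshold just past any benign outlier on it."""
    refined = dict(thresholds)
    for ip, hits in outliers.items():
        if labeled[ip]["label"] == "benign":
            for f, z in hits.items():
                refined[f] = max(refined[f], abs(z) + 0.05)
    return refined

def build_rules(labeled, zs):
    """Access rules: a threat-labelled row becomes 'at least this value' on the features it exceeded."""
    return [{"category": row["label"],
             "conditions": {f: row[f] for f, z in zs[ip].items() if z > 0}}
            for ip, row in labeled.items() if row["label"] not in ("benign", "unreviewed")]

def apply_rules(rules, incoming_text):
    """Decide per incoming client: deny on the first matching rule, otherwise allow."""
    decisions = {}
    for ip, row in extract_features(group_log_lines(incoming_text)).items():
        matched = [r["category"] for r in rules
                   if all(row[f] >= v for f, v in r["conditions"].items())]
        decisions[ip] = ("deny", matched[0]) if matched else ("allow", None)
    return decisions

def run_pipeline(log_text, instructions, incoming_text, z_threshold=1.5):
    """Run the whole claimed sequence once and return each stage's output."""
    features = extract_features(group_log_lines(log_text))
    zs = zscore_table(features)
    thresholds = {f: z_threshold for f in next(iter(zs.values()))}
    outliers = find_outliers(zs, thresholds)
    labeled = label_outliers(features, outliers, instructions)
    rules = build_rules(labeled, zs)
    return {"outliers": outliers,
            "refined_outliers": find_outliers(zs, refine_thresholds(thresholds, outliers, labeled)),
            "rules": rules, "decisions": apply_rules(rules, incoming_text)}

if __name__ == "__main__":
    for stage, value in run_pipeline(SAMPLE_LOG, INSTRUCTIONS, INCOMING_LOG).items():
        print(stage, value)
```

On the constructed data both 10.0.0.7 (error ratio) and 10.0.0.9 (volume and path spread) are flagged; after the benign label lifts the two volume thresholds only 10.0.0.7 remains an outlier, and the single derived rule (error_ratio at least 0.8, category brute_force) denies 10.0.0.11 and allows 10.0.0.12. Because the rule inherits only the features that made the labelled row stand out, it has no minimum-volume condition and would also fire on a client with a single failed request; a production rule generator would add a support floor, which the claims leave to the implementer.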