Method And System For Modeling All Operations And Executions Of An Attack And Malicious Process Entry
Abstract
Computerized methods and systems determine an entry point or source of an attack on an endpoint, such as a machine, e.g., a computer, node of a network, system or the like. These computerized methods and systems utilize an attack execution/attack or start root to build an attack tree, which shows the attack on the endpoint and the damage caused by the attack as it propagates through the machine, network, system, or the like.
21 Claims
1. A method for determining an entry point for an attack on an endpoint comprising:
- obtaining an attack root; and
- identifying a sequence of processes, and executions and creations associated with each of the process of the sequence, the sequence originating at the attack root.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method for determining the extent of an attack on an endpoint, comprising:
- obtaining an attack root;
- reading the attack root;
- analyzing the attack root to output subsequent processes associated with the attack root;
- reading each of the subsequent processes; and
- analyzing each of the subsequent processes to output additional processes associated, until there are not any more processes to be read.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A computer usable non-transitory storage medium having a computer program embodied thereon for causing a suitable programmed system to detect the extent of an attack on an endpoint, by performing the following steps when such program is executed on the system, the steps comprising:
- obtaining an attack root;
- reading the attack root;
- analyzing the attack root to output subsequent processes associated with the attack root;
- reading each of the subsequent processes; and
- analyzing each of the subsequent processes to output additional processes associated, until there are not any more processes to be read.

Dependent claims: 21
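
The read-and-analyze loop recited in claims 9 and 20 can be sketched as a worklist traversal over endpoint telemetry. This is an added example, not code from the patent: the `(actor, action, object)` event schema, the function names, and the sample events are assumptions constructed for illustration, and process names stand in for the PID-plus-start-time identifiers a real sensor would use.

```python
from collections import defaultdict, deque

# Constructed sample telemetry (assumed schema): (acting process, action, object)
EVENTS = [
    ("explorer.exe", "execute", "winword.exe"),
    ("winword.exe", "create", "dropper.exe"),
    ("winword.exe", "execute", "dropper.exe"),
    ("dropper.exe", "create", "payload.dll"),
    ("dropper.exe", "execute", "rundll32.exe"),
    ("rundll32.exe", "execute", "dropper.exe"),  # cycle: must not loop forever
    ("explorer.exe", "execute", "notepad.exe"),  # unrelated activity
    ("notepad.exe", "create", "notes.txt"),
]


def build_attack_tree(events, attack_root):
    """Read a process, output the processes it executed, and repeat
    until there are no unread processes left."""
    by_actor = defaultdict(list)
    for actor, action, obj in events:
        by_actor[actor].append((action, obj))

    tree = {}  # process -> {"executed": [...], "created": [...]}
    queue = deque([attack_root])
    while queue:
        proc = queue.popleft()
        if proc in tree:  # already read; guards against execution cycles
            continue
        node = {"executed": [], "created": []}
        for action, obj in by_actor.get(proc, []):
            if action == "execute":
                node["executed"].append(obj)
                queue.append(obj)  # a subsequent process to be read
            elif action == "create":
                node["created"].append(obj)
        tree[proc] = node
    return tree


def created_artifacts(tree):
    """Objects created by any process in the tree (the damage to clean up)."""
    return sorted({obj for node in tree.values() for obj in node["created"]})


if __name__ == "__main__":
    tree = build_attack_tree(EVENTS, "winword.exe")
    for proc, node in tree.items():
        print(proc, node)
    print("created:", created_artifacts(tree))
```

Activity outside the root's descendants (here `notepad.exe`) never enters the tree, which keeps the remediation scope limited to what the attack root actually reached.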
Specification