MALICIOUS THREAT DETECTION THROUGH TIME SERIES GRAPH ANALYSIS
First Claim
1. A computer-implemented method comprising:
receiving, by a data analysis device, a data file comprising multiple log data entries, the log data entries including parameters associated with a computer network event in a computing network;
producing, by the data analysis device, a graphical model of the computing network based on at least one parameter included in the log data entries;
identifying, by the data analysis device, a parameter associated with the graphical model, the parameter also being associated with a node of the computing network;
performing, by the data analysis device, a time-series analysis on the parameter; and
determining, based on the time-series analysis on the parameter, at least one of an anomalous event associated with the computing network or a malicious event associated with the computing network.
Abstract
Malicious threat detection through time-series graph analysis, in which a data analysis device receives a data file comprising multiple log data entries. The log data entries include parameters associated with a computer network event in a computing network. The data analysis device produces a graphical model of the computing network based on at least one parameter included in the log data. The data analysis device also identifies a parameter associated with a node of the computer network represented by the graphical model, and performs a time-series analysis on the parameter. The data analysis device further determines, based on the time-series analysis on the parameter, at least one of an anomalous event associated with the computing network or a malicious event associated with the computing network.
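The abstract describes a pipeline rather than a specific algorithm: parse log entries, build a graph of the network from them, pick a per-node parameter, turn that parameter into a time series, and flag deviations. The following is an added example of that pipeline in Python; it is not code from the patent or its assignee. It assumes a simple flow-log line format (timestamp, source host, destination host, port, bytes), a 10-minute window, and "distinct peers contacted per window" as the node parameter; the anomaly score (deviation from the node's own median, scaled by a floored median absolute deviation) is one reasonable choice, not one the patent specifies. The sample log is constructed inside the block.

```python
import statistics
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=10)  # assumed analysis window; the patent fixes none


def parse_log(text):
    """Parse 'ISO-timestamp src_host dst_host dst_port bytes' lines (an assumed
    flow-log format) into dicts. Malformed lines are skipped rather than
    allowed to abort the whole batch."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, nbytes = parts
        try:
            entries.append({
                "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes),
            })
        except ValueError:
            continue
    return entries


def build_graph(entries):
    """Graphical model of the network: one node per host and a directed edge
    per (src, dst) pair carrying the timestamps of the events on that edge."""
    graph = {}
    for e in entries:
        graph.setdefault(e["src"], {}).setdefault(e["dst"], []).append(e["ts"])
        graph.setdefault(e["dst"], {})  # destination-only hosts are nodes too
    return graph


def fanout_series(graph, t0, n_windows, window=WINDOW):
    """Per-node time series of the chosen node parameter: the number of
    distinct peers a host contacted in each window starting at t0."""
    series = {}
    for node, peers in graph.items():
        buckets = [set() for _ in range(n_windows)]
        for peer, stamps in peers.items():
            for ts in stamps:
                idx = (ts - t0) // window
                if 0 <= idx < n_windows:
                    buckets[idx].add(peer)
        series[node] = [len(b) for b in buckets]
    return series


def detect_anomalies(series, threshold=5.0, min_history=3):
    """Flag windows whose value deviates from the node's own history by a
    robust score: (x - median) / max(MAD, 1). The MAD floor keeps a flat
    baseline from producing infinite scores. Each window is judged only
    against the windows before it, so a spike cannot pollute its own baseline."""
    hits = []
    for node, values in series.items():
        for i in range(min_history, len(values)):
            hist = values[:i]
            med = statistics.median(hist)
            mad = statistics.median([abs(v - med) for v in hist])
            score = (values[i] - med) / max(mad, 1.0)
            if score >= threshold:
                hits.append({"node": node, "window": i, "value": values[i], "score": score})
    return hits


def make_sample_log():
    """Constructed sample data (not from the patent): ws01 talks to two or
    three servers per window for six windows, then fans out to twelve hosts
    in window 6 (scan-like behaviour); ws02 is steady throughout."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    servers = ["srv-mail", "srv-file", "srv-web"]
    lines = []
    for w in range(7):
        n = 2 + (w % 2) if w < 6 else 0
        for k in range(n):
            ts = t0 + w * WINDOW + timedelta(minutes=k)
            lines.append(f"{ts.isoformat()} ws01 {servers[k]} 445 {1000 + k}")
        ts = t0 + w * WINDOW + timedelta(minutes=5)
        lines.append(f"{ts.isoformat()} ws02 srv-web 443 2000")
    for k in range(12):
        ts = t0 + 6 * WINDOW + timedelta(seconds=10 * k)
        lines.append(f"{ts.isoformat()} ws01 host{k:02d} 445 300")
    lines.append("malformed entry that the parser must skip")
    return "\n".join(lines), t0, 7


def run_example():
    """Run the full pipeline on the constructed log and return the hits."""
    text, t0, n_windows = make_sample_log()
    graph = build_graph(parse_log(text))
    return detect_anomalies(fanout_series(graph, t0, n_windows))


if __name__ == "__main__":
    for hit in run_example():
        print(f"anomalous: {hit['node']} window {hit['window']} "
              f"fan-out {hit['value']} score {hit['score']:.1f}")
```

The example stops at the "anomalous event" determination. Promoting a hit to "malicious" needs further context the abstract does not supply (for instance which ports or peers the new edges involve), so that step is left to whatever rule the deployment defines. Note that the baseline is per node and strictly causal; a global threshold on fan-out would either miss a quiet workstation that doubles its peers or drown in noise from servers that legitimately talk to everyone.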
34 Citations
20 Claims
1. A computer-implemented method comprising:
receiving, by a data analysis device, a data file comprising multiple log data entries, the log data entries including parameters associated with a computer network event in a computing network;
producing, by the data analysis device, a graphical model of the computing network based on at least one parameter included in the log data entries;
identifying, by the data analysis device, a parameter associated with the graphical model, the parameter also being associated with a node of the computing network;
performing, by the data analysis device, a time-series analysis on the parameter; and
determining, based on the time-series analysis on the parameter, at least one of an anomalous event associated with the computing network or a malicious event associated with the computing network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An electronic system comprising:
one or more processing devices; and
one or more machine-readable storage devices storing instructions that are executable by the one or more processing devices to perform operations comprising:
receiving a data file comprising multiple log data entries, the log data entries including parameters associated with a computer network event in a computing network;
producing a graphical model of the computing network based on at least one parameter included in the log data entries;
identifying a parameter associated with the graphical model, the parameter also being associated with a node of the computing network;
performing a time-series analysis on the parameter; and
determining, based on the time-series analysis on the parameter, at least one of an anomalous event associated with the computing network or a malicious event associated with the computing network.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A non-transitory computer storage unit disposed in a data analysis device and encoded with a computer program, the program comprising instructions that when executed by one or more processing units cause the one or more processing units to perform operations comprising:
receiving a data file comprising multiple log data entries, the log data entries including parameters associated with a computer network event in a computing network;
producing a graphical model of the computing network based on at least one parameter included in the log data entries;
identifying a parameter associated with the graphical model, the parameter also being associated with a node of the computing network;
performing a time-series analysis on the parameter; and
determining, based on the time-series analysis on the parameter, at least one of an anomalous event associated with the computing network or a malicious event associated with the computing network.
Dependent claims: 20
Specification