Systems and methods for detecting and mitigating threats to a structured data storage system
First Claim
1. A method for detecting threats on a network, the method comprising:
- capturing target network traffic being transmitted between two or more hosts, wherein the target network traffic comprises a plurality of packets; and
- using at least one hardware processor to assemble the plurality of packets into one or more messages, parse the assembled one or more messages to generate a semantic model of the target network traffic, wherein the semantic model comprises one or more representations of one or more operations or events represented by the one or more messages, generate one or more scores for the one or more operations or events using a plurality of scoring algorithms, and identify one or more potentially threatening ones of the one or more operations or events based on the one or more scores.
Abstract
Systems, methods, and computer-readable media for detecting threats on a network. In an embodiment, target network traffic being transmitted between two or more hosts is captured. The target network traffic comprises a plurality of packets, which are assembled into one or more messages. The assembled message(s) may be parsed to generate a semantic model of the target network traffic. The semantic model may comprise representation(s) of operation(s) or event(s) represented by the message(s). Score(s) for the operation(s) or event(s) may be generated using a plurality of scoring algorithms, and potential threats among the operation(s) or event(s) may be identified using the score(s).
69 Claims
1. A method for detecting threats on a network, the method comprising:
- capturing target network traffic being transmitted between two or more hosts, wherein the target network traffic comprises a plurality of packets; and
- using at least one hardware processor to assemble the plurality of packets into one or more messages, parse the assembled one or more messages to generate a semantic model of the target network traffic, wherein the semantic model comprises one or more representations of one or more operations or events represented by the one or more messages, generate one or more scores for the one or more operations or events using a plurality of scoring algorithms, and identify one or more potentially threatening ones of the one or more operations or events based on the one or more scores.
Dependent claims: 2-23.

24. A system for detecting threats on a network, the system comprising:
- at least one hardware processor; and
- one or more executable modules that, when executed by the at least one hardware processor, capture target network traffic being transmitted between two or more hosts, wherein the target network traffic comprises a plurality of packets, assemble the plurality of packets into one or more messages, parse the assembled one or more messages to generate a semantic model of the target network traffic, wherein the semantic model comprises one or more representations of one or more operations or events represented by the one or more messages, generate one or more scores for the one or more operations or events using a plurality of scoring algorithms, and identify one or more potentially threatening ones of the one or more operations or events based on the one or more scores.
Dependent claims: 25-46 and 49.

47. A non-transitory computer-readable medium having one or more instructions stored thereon for detecting threats on a network, wherein the one or more instructions, when executed by a processor, cause the processor to:
- capture target network traffic being transmitted between two or more hosts, wherein the target network traffic comprises a plurality of packets;
- assemble the plurality of packets into one or more messages;
- parse the assembled one or more messages to generate a semantic model of the target network traffic, wherein the semantic model comprises one or more representations of one or more operations or events represented by the one or more messages;
- generate one or more scores for the one or more operations or events using a plurality of scoring algorithms; and
- identify one or more potentially threatening ones of the one or more operations or events based on the one or more scores.
Dependent claims: 48 and 50-69.
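The abstract and the three independent claims describe one pipeline: capture packets, reassemble them into messages, parse the messages into a semantic model of operations, score each operation with a plurality of scoring algorithms, and flag the operations whose scores indicate a threat. The following is an added Python example of that pipeline written for this page; it is not the patent's embodiment or any product's code. It assumes a hypothetical newline-delimited, SQL-like query protocol, constructed sample traffic, a hand-written baseline profile standing in for a learned one, four illustrative scoring algorithms with made-up weights, and a 0.5 alert threshold.

```python
"""Toy capture -> reassemble -> parse -> score -> flag pipeline. Added example,
not the patent's embodiment: the wire format, sample traffic, baseline profile,
scoring algorithms, weights and threshold are all constructed assumptions."""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    seq: int        # byte offset of this segment within the flow (TCP-style)
    payload: bytes

@dataclass(frozen=True)
class Operation:      # one entry of the semantic model
    kind: str         # SELECT / INSERT / UPDATE / DELETE / DROP / UNKNOWN
    table: str        # "" when not recognised
    columns: tuple    # projected columns (SELECT only)
    filtered: bool    # statement carries a WHERE clause
    raw: str

# 1. Capture: constructed flow of a hypothetical newline-delimited query
#    protocol, cut into segments and delivered out of order.
STREAM = (b"SELECT id, name FROM users WHERE id = 42\n"
          b"SELECT name, card_number FROM payment_cards\n"
          b"DROP TABLE audit_log\n")

def segment(stream: bytes, sizes) -> list:
    """Cut a byte stream into Packets of the given sizes; the last takes the rest."""
    packets, seq = [], 0
    for n in sizes:
        packets.append(Packet(seq, stream[seq:seq + n]))
        seq += n
    packets.append(Packet(seq, stream[seq:]))
    return packets

CAPTURE = [segment(STREAM, [17, 40, 33])[i] for i in (2, 0, 3, 1)]

# 2. Reassemble: order by seq, stop at the first gap rather than guess the
#    missing bytes, and leave an unterminated trailing message out of the model.
def reassemble(packets) -> tuple:
    buf, expected, complete = b"", 0, True
    for p in sorted(packets, key=lambda p: p.seq):
        if p.seq != expected:     # lost or overlapping segment
            complete = False
            break
        buf += p.payload
        expected += len(p.payload)
    messages = [m.decode("utf-8", "replace") for m in buf.split(b"\n")[:-1]]
    return messages, complete

# 3. Parse into the semantic model (regexes stand in for a real protocol parser).
SELECT_RE = re.compile(r"^SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)", re.I)
DML_RE = re.compile(r"^(?P<kind>INSERT|UPDATE|DELETE|DROP)\s+"
                    r"(?:(?:INTO|FROM|TABLE)\s+)?(?P<table>\w+)", re.I)

def parse(message: str) -> Operation:
    filtered = re.search(r"\bWHERE\b", message, re.I) is not None
    m = SELECT_RE.match(message)
    if m:
        cols = tuple(c.strip().lower() for c in m["cols"].split(","))
        return Operation("SELECT", m["table"].lower(), cols, filtered, message)
    m = DML_RE.match(message)
    if m:
        return Operation(m["kind"].upper(), m["table"].lower(), (), filtered, message)
    return Operation("UNKNOWN", "", (), filtered, message)

# 4. A plurality of scoring algorithms. BASELINE stands in for a learned profile
#    of normal (kind, table) pairs; the weights are illustrative.
SENSITIVE = {"card_number", "ssn", "password"}
BASELINE = {("SELECT", "users"), ("SELECT", "payment_cards"), ("INSERT", "payment_cards")}
SCORERS = {
    "sensitive_columns": lambda op: 0.7 if SENSITIVE & set(op.columns) else 0.0,
    "destructive": lambda op: (0.9 if op.kind == "DROP" else
                               0.6 if op.kind in ("DELETE", "UPDATE") and not op.filtered
                               else 0.0),
    "rare_for_baseline": lambda op: 0.0 if (op.kind, op.table) in BASELINE else 0.5,
    "bulk_read": lambda op: 0.4 if op.kind == "SELECT" and not op.filtered else 0.0,
}

def combine(scores) -> float:
    """Noisy-OR: independent pieces of evidence accumulate, none dominates."""
    p = 1.0
    for s in scores:
        p *= 1.0 - s
    return round(1.0 - p, 4)

# 5. Identify potentially threatening operations; keep the per-algorithm scores
#    so an analyst can see why each one was flagged.
def detect(packets, threshold: float = 0.5) -> tuple:
    messages, complete = reassemble(packets)
    flagged = []
    for msg in messages:
        op = parse(msg)
        scores = {name: f(op) for name, f in SCORERS.items()}
        total = combine(scores.values())
        if total >= threshold:
            flagged.append((op.raw, total, scores))
    return flagged, complete
```

Running `detect(CAPTURE)` flags the unfiltered read of `card_number` and the `DROP TABLE`, and leaves the keyed lookup on `users` alone. Two details matter in practice. Reassembly stops at a sequence gap instead of guessing, because a detector that parses across missing or overlapping segments can be evaded by deliberate fragmentation; the `complete` flag lets the caller treat an incomplete flow as an event in its own right. The combined score keeps each algorithm's contribution so a flagged operation can be explained, and because the combination is a noisy-OR, adding a weak algorithm can never lower the score of an operation already flagged by a strong one.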
Specification