Systems and methods for generating contextually meaningful animated visualizations of computer security events

US 9,825,986 B1
Filed: 06/29/2015
Issued: 11/21/2017
Est. Priority Date: 06/29/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for generating contextually meaningful animated visualizations of computer security events, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

detecting a security-related event that involves an actor and a target within a computing environment;

identifying certain characteristics of the security-related event that collectively describe a context of the security-related event with respect to the actor and the target within the computing environment;

generating, based at least in part on the certain characteristics of the security-related event, a graphical animation of the security-related event that;

includes a motion-picture representation of the security-related event that, when presented to a user, changes with a passing of time; and

graphically represents the context of the security-related event with respect to the actor and the target within the computing environment;

generating a graphical timeline to which the motion-picture representation is synchronized such that, when presented to the user, the motion-picture representation changes consistent with the passing of time shown on the graphical timeline, wherein the graphical timeline includes;

a time marker that identifies a point in time reflected in the motion-picture representation; and

a graphical representation of the security-related event that is positioned relative to the time marker within the graphical timeline, wherein the time marker overlaps the graphical representation of the security-related event when the security-related event is reflected in the motion-picture representation; and

providing, for presentation to the user, the graphical animation of the security-related event to facilitate visualizing the context of the security-related event with respect to the actor and the target within the computing environment.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for generating contextually meaningful animated visualizations of computer security events may include (1) detecting a security-related event that involves an actor and a target within a computing environment, (2) identifying certain characteristics of the security-related event that collectively describe a context of the security-related event with respect to the actor and the target within the computing environment, (3) generating, based at least in part on the certain characteristics of the security-related event, a graphical animation of the security-related event that graphically represents the context of the security-related event with respect to the actor and the target within the computing environment, and then (4) providing, for presentation to a user, the graphical animation of the security-related event to facilitate visualizing the context of the security-related event with respect to the actor and the target. Various other methods, systems, and computer-readable media are also disclosed.

22 Citations

View as Search Results

16 Claims

1. A computer-implemented method for generating contextually meaningful animated visualizations of computer security events, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- detecting a security-related event that involves an actor and a target within a computing environment;
  
  identifying certain characteristics of the security-related event that collectively describe a context of the security-related event with respect to the actor and the target within the computing environment;
  
  generating, based at least in part on the certain characteristics of the security-related event, a graphical animation of the security-related event that;
  
  includes a motion-picture representation of the security-related event that, when presented to a user, changes with a passing of time; and
  
  graphically represents the context of the security-related event with respect to the actor and the target within the computing environment;
  
  generating a graphical timeline to which the motion-picture representation is synchronized such that, when presented to the user, the motion-picture representation changes consistent with the passing of time shown on the graphical timeline, wherein the graphical timeline includes;
  
  a time marker that identifies a point in time reflected in the motion-picture representation; and
  
  a graphical representation of the security-related event that is positioned relative to the time marker within the graphical timeline, wherein the time marker overlaps the graphical representation of the security-related event when the security-related event is reflected in the motion-picture representation; and
  
  providing, for presentation to the user, the graphical animation of the security-related event to facilitate visualizing the context of the security-related event with respect to the actor and the target within the computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the graphical animation of the security-related event comprises:
    - a graphical node that represents the actor;
      
      another graphical node that represents the target; and
      
      a graphical edge that represents an action performed by the actor on the target in connection with the security-related event.
  - 3. The method of claim 2, wherein the motion-picture representation of the security-related event, when presented to the user, animates the action performed by the actor on the target using the graphical node, the other graphical node, and the graphical edge.
  - 4. The method of claim 1, wherein the motion-picture representation of the security-related event, when presented to the user, animates a sequential flow of actions occurring over time with respect to at least the actor and the target within the computing environment.
  - 5. The method of claim 4, wherein generating the animation of the security-related event comprises generating the motion-picture representation of the security-related event such that, when presented to the user, the motion-picture representation depicts at least one action in the sequential flow of actions being performed by the actor and at least one other action in the sequential flow of actions being performed by the target.
  - 6. The method of claim 4, wherein generating the animation of the security-related event comprises generating the motion-picture representation of the security-related event such that, when presented to the user, the motion-picture representation:
    - depicts the actor positioned on a left side of the target on a display; and
      
      animates a time-based occurrence of the sequential flow of actions that flows from a left side of the display to a right side of the display over time.
  - 7. The method of claim 1, wherein generating the graphical animation of the security-related event comprises:
    - identifying a severity level of the security-related event; and
      
      providing, within the graphical animation of the security-related event, an animated feature designed to convey the severity level of the security-related event.
  - 8. The method of claim 7, wherein identifying a severity level of the security-related event comprises at least one of:
    - determining a reputation of the actor;
      
      determining a reputation of the target;
      
      determining a reputation of a file involved in the security-related event; and
      
      determining a prevalence of a file involved in the security-related event.

9. A system for generating contextually meaningful animated visualizations of computer security events, the system comprising:
- a detection module, stored in memory, that detects a security-related event that involves an actor and a target within a computing environment;
  
  an identification module, stored in memory, that identifies certain characteristics of the security-related event that collectively describe a context of the security-related event with respect to the actor and the target within the computing environment;
  
  a generation module, stored in memory, that;
  
  generates, based at least in part on the certain characteristics of the security-related event, a graphical animation of the security-related event that;
  
  includes a motion-picture representation of the security-related event that, when presented to a user, changes with a passing of time; and
  
  graphically represents the context of the security-related event with respect to the actor and the target within the computing environment;
  
  generates a graphical timeline to which the motion-picture representation is synchronized such that, when presented to the user, the motion-picture representation changes consistent with the passing of time shown on the graphical timeline, wherein the graphical timeline includes;
  
  a time marker that identifies a point in time reflected in the motion-picture representation; and
  
  a graphical representation of the security-related event that is positioned relative to the time marker within the graphical timeline, wherein the time marker overlaps the graphical representation of the security-related event when the security-related event is reflected in the motion-picture representation;
  
  a presentation module, stored in memory, that provides, for presentation to the user, the graphical animation of the security-related event to facilitate visualizing the context of the security-related event with respect to the actor and the target within the computing environment; and
  
  at least one physical processor configured to execute the detection module, the identification module, the generation module, and the presentation module.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the graphical animation of the security-related event comprises:
    - a graphical node that represents the actor;
      
      another graphical node that represents the target; and
      
      a graphical edge that represents an action performed by the actor on the target in connection with the security-related event.
  - 11. The system of claim 10, wherein the motion-picture representation of the security-related event, when presented to the user, animates the action performed by the actor on the target using the graphical node, the other graphical node, and the graphical edge.
  - 12. The system of claim 9, wherein the motion-picture representation of the security-related event, when presented to the user, animates a sequential flow of actions occurring over time with respect to at least the actor and the target within the computing environment.
  - 13. The system of claim 12, wherein the generation module generates the motion-picture representation of the security-related event such that, when presented to the user, the motion-picture representation depicts at least one action in the sequential flow of actions being performed by the actor and at least one other action in the sequential flow of actions being performed by the target.
  - 14. The system of claim 12, wherein the generation module generates the motion-picture representation of the security-related event such that, when presented to the user, the motion-picture representation:
    - depicts the actor positioned on a left side of the target on a display; and
      
      animates a time-based occurrence of the sequential flow of actions that flows from a left side of the display to a right side of the display over time.
  - 15. The system of claim 12, wherein generating the graphical animation of the security-related event comprises:
    - identifying a severity level of the security-related event; and
      
      providing, within the graphical animation of the security-related event, an animated feature designed to convey the severity level of the security-related event.

16. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- detect a security-related event that involves an actor and a target within a computing environment;
  
  identify certain characteristics of the security-related event that collectively describe a context of the security-related event with respect to the actor and the target within the computing environment;
  
  generate, based at least in part on the certain characteristics of the security-related event, a graphical animation of the security-related event that;
  
  includes a motion-picture presentation of the security-related event that, when presented to a user, changes with a passing of time; and
  
  graphically represents the context of the security-related event with respect to the actor and the target within the computing environment;
  
  generate a graphical timeline to which the motion-picture representation is synchronized such that, when presented to the user, the motion-picture representation changes consistent with the passing of time shown on the graphical timeline, wherein the graphical timeline includes;
  
  a time marker that identifies a point in time reflected in the motion-picture representation; and
  
  a graphical representation of the security-related event that is positioned relative to the time marker within the graphical timeline, wherein the time marker overlaps the graphical representation of the security-related event when the security-related event is reflected in the motion-picture representation; and
  
  provide, for presentation to a user, the graphical animation of the security-related event to facilitate visualizing the context of the security-related event with respect to the actor and the target within the computing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Bhatkar, Sandeep, Sundaram, Sharada, Roundy, Kevin, Silva, David
Primary Examiner(s)
Zaidi, Syed

Application Number

US14/753,038
Time in Patent Office

876 Days
Field of Search

726 23
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Systems and methods for generating contextually meaningful animated visualizations of computer security events

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for generating contextually meaningful animated visualizations of computer security events

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others