
CROSS-USER CORRELATION FOR DETECTING SERVER-SIDE MULTI-TARGET INTRUSION

  • US 20130326623A1
  • Filed: 06/05/2012
  • Published: 12/05/2013
  • Est. Priority Date: 06/05/2012
  • Status: Active Grant
First Claim

1. A method for detecting server-side multi-target intrusions through cross-user correlation, the method comprising:

  • detecting a low-probability administrative event associated with a user of a datacenter, wherein the administrative event is one or more of a change to a user status, a change to a file associated with user status, a replacement of a key executable file associated with a user, a change to a data file associated with the user, a transfer, an update of status, an unusual port use, and/or an unusual hardware use;

  • monitoring confluences of the administrative event within virtual machines of the datacenter across multiple users and/or deployments; and

  • if the administrative event is detected across the multiple users and/or deployments at a level higher than a predefined probability threshold, classifying the administrative event as an attack.
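
One way to implement the three claimed steps as detection logic, given as an added example that is not taken from the patent. The event names, baseline probabilities, both cut-off values, the sample events and the reading of "level" as the fraction of monitored users affected are all assumptions.

```python
from collections import defaultdict

# Constructed baseline: assumed per-user probability of each event type in one window.
BASELINE = {"key_executable_replaced": 0.001, "user_status_changed": 0.002, "login": 0.9}
LOW_PROBABILITY = 0.01   # assumed cut-off for a "low-probability" event
ATTACK_THRESHOLD = 0.25  # assumed predefined threshold on the affected-user fraction

# Constructed sample events from one monitoring window: (user, vm, event_type).
EVENTS = [
    ("alice", "vm-01", "login"),
    ("alice", "vm-01", "key_executable_replaced"),
    ("bob", "vm-07", "key_executable_replaced"),
    ("bob", "vm-07", "key_executable_replaced"),  # repeat on one user counts once
    ("carol", "vm-12", "key_executable_replaced"),
    ("dave", "vm-20", "user_status_changed"),
    ("erin", "vm-31", "login"),
]
MONITORED_USERS = {"alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"}


def correlate(events, monitored_users, baseline, low_p, threshold):
    """Return {event_type: (affected_fraction, is_attack)} for low-probability events."""
    if not monitored_users:
        return {}
    affected = defaultdict(set)
    for user, _vm, event_type in events:
        # Step 1: keep only low-probability administrative events.
        # Event types with no baseline are treated as rare (probability 0.0).
        if user in monitored_users and baseline.get(event_type, 0.0) < low_p:
            # Step 2: record the confluence as the set of distinct users affected.
            affected[event_type].add(user)
    verdicts = {}
    for event_type, users in affected.items():
        fraction = len(users) / len(monitored_users)
        # Step 3: the same rare event across enough users is classified as an attack.
        verdicts[event_type] = (fraction, fraction > threshold)
    return verdicts


if __name__ == "__main__":
    results = correlate(EVENTS, MONITORED_USERS, BASELINE, LOW_PROBABILITY, ATTACK_THRESHOLD)
    for name, (fraction, attack) in sorted(results.items()):
        print(f"{name}: {fraction:.3f} of users -> {'ATTACK' if attack else 'isolated'}")
```

Counting distinct users rather than raw events keeps one noisy tenant from crossing the threshold alone.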
