1. WO2020197681 - DETECTING A MISSING SECURITY ALERT USING A MACHINE LEARNING MODEL

Publication Number WO/2020/197681
Publication Date 01.10.2020
International Application No. PCT/US2020/019837
International Filing Date 26.02.2020
IPC
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
G06F 21/55 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
CPC
G06F 21/552
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
552 involving long-term monitoring or reporting
H04L 63/1416
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1408 by monitoring network traffic
1416 Event detection, e.g. attack signature detection
H04L 63/1425
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1408 by monitoring network traffic
1425 Traffic logging, e.g. anomaly detection
H04L 63/1466
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1441 Countermeasures against malicious traffic
1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Applicants
  • MICROSOFT TECHNOLOGY LICENSING, LLC [US]/[US]
Inventors
  • LEVIN, Roy
  • SCHERMAN, Mathias A.M.
Agents
  • KADOURA, Judy M.
  • ADJEMIAN, Monica
  • BARKER, Doug
  • CHATTERJEE, Aaron C.
  • CHEN, Wei-Chen Nicholas
  • CHOI, Daniel
  • CHURNA, Timothy
  • DINH, Phong
  • EVANS, Patrick
  • GABRYJELSKI, Henry
  • GUPTA, Anand
  • HINOJOSA-SMITH, Brianna L.
  • HWANG, William C.
  • JARDINE, John S.
  • LEE, Sunah
  • LEMMON, Marcus
  • MARQUIS, Thomas
  • MEYERS, Jessica
  • ROPER, Brandon
  • SPELLMAN, Steven
  • SULLIVAN, Kevin
  • SWAIN, Cassandra T.
  • WALKER, Matt
  • WIGHT, Stephen A.
  • WISDOM, Gregg
  • WONG, Ellen
  • WONG, Thomas S.
  • ZHANG, Hannah
  • TRAN, Kimberly
Priority Data
16/368,704 28.03.2019 US
Publication Language English (EN)
Filing Language English (EN)
Title
(EN) DETECTING A MISSING SECURITY ALERT USING A MACHINE LEARNING MODEL
Abstract
(EN)
Methods, systems, and apparatuses are provided for detecting a missing security alert by receiving an alert sequence generated by a network security provider, applying the received alert sequence to a security incident model, receiving an indication from the security incident model that the received alert sequence corresponds to a security incident defined by a predetermined sequence of alerts that includes at least one alert missing from the received alert sequence, and generating a notification to the network security provider that indicates at least one of the security incident or the missing alert(s). In addition, the security incident model may be generated by providing a set of historical alerts and a set of historical security incidents to a machine learning algorithm to generate the security incident model.
Latest bibliographic data on file with the International Bureau