-
Publication number: US10909242B2
Publication date: 2021-02-02
Application number: US16169081
Application date: 2018-10-24
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Xusheng Xiao, Zhichun Li, Guofei Jiang, Peng Gao
IPC: G06F21/55, G06F9/54, G06F16/33, G06F21/57, G06F16/2455
Abstract: A system and method are provided for identifying security risks in a computer system. The system includes an event stream generator configured to collect system event data from the computer system. The system further includes a query device configured to receive query requests that specify parameters of a query. Each query request includes at least one anomaly model. The query request and the anomaly model are included in a first syntax in which a system event is expressed as {subject-operation-object}. The system further includes a detection device configured to receive at least one query request from the query device and continuously compare the system event data to the anomaly models of the query requests to detect a system event that poses a security risk. The system also includes a reporting device configured to generate an alert for system events that pose a security risk detected by the detection device.
-
Publication number: US20170220639A1
Publication date: 2017-08-03
Application number: US15364489
Application date: 2016-11-30
Applicant: NEC Laboratories America, Inc.
Inventor: Xusheng Xiao, Zhichun Li, Fengyuan Xu, Peng Gao, Guofei Jiang
IPC: G06F17/30
CPC classification number: G06F16/24545, G06F16/242, G06F16/2448, G06F16/245, G06F16/24554, G06F16/2477, G06F21/00, G06F21/554
Abstract: Systems and a method are provided. A system includes a Temporal Behavior Query Language (TBQL) server having a processor and a memory operably coupled to the processor. The TBQL server is configured to construct a TBQL query using a grammar inference technique based on syntactic sugar to expedite query construction. The TBQL server is further configured to execute the TBQL query to generate TBQL query results.
-
Publication number: US20190121973A1
Publication date: 2019-04-25
Application number: US16169081
Application date: 2018-10-24
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Xusheng Xiao, Zhichun Li, Guofei Jiang, Peng Gao
Abstract: A system and method are provided for identifying security risks in a computer system. The system includes an event stream generator configured to collect system event data from the computer system. The system further includes a query device configured to receive query requests that specify parameters of a query. Each query request includes at least one anomaly model. The query request and the anomaly model are included in a first syntax in which a system event is expressed as {subject-operation-object}. The system further includes a detection device configured to receive at least one query request from the query device and continuously compare the system event data to the anomaly models of the query requests to detect a system event that poses a security risk. The system also includes a reporting device configured to generate an alert for system events that pose a security risk detected by the detection device.
-
Publication number: US10860582B2
Publication date: 2020-12-08
Application number: US15364489
Application date: 2016-11-30
Applicant: NEC Laboratories America, Inc.
Inventor: Xusheng Xiao, Zhichun Li, Fengyuan Xu, Peng Gao, Guofei Jiang
IPC: G06F16/00, G06F16/2453, G06F16/2458, G06F16/2455, G06F21/00, G06F21/55, G06F16/245, G06F16/242
Abstract: Systems and a method are provided. A system includes a Temporal Behavior Query Language (TBQL) server having a processor and a memory operably coupled to the processor. The TBQL server is configured to construct a TBQL query using a grammar inference technique based on syntactic sugar to expedite query construction. The TBQL server is further configured to execute the TBQL query to generate TBQL query results.