公开(公告)号：US11012454B1

公开(公告)日：2021-05-18

申请号：US16230703

申请日：2018-12-21

申请人： SYMANTEC CORPORATION

发明人： Yufei Han ,  Xiaolin Wang

IPC分类号： H04L29/06 ,  G06F8/61

摘要： Detecting abnormal user behavior via temporally regularized tensor factorization. A method may include obtaining behavioral data of a plurality of users of cloud services to establish a first behavioral baseline; obtaining behavioral data for a particular user of the plurality of users to establish a second behavioral baseline; determining a first variation of behavior between the second and first behavioral baseline to determine an expected behavior; creating a tensor model for a succession of pre-determined time periods comprising multiple three-dimensional tensors; determining a temporal dependence between the multiple three-dimensional tensors; determining a temporal smoothness between the multiple three-dimensional tensors; predicting a future variation in behavior of the particular user based on a combination of the temporal dependence and the temporal smoothness, where the future variation in behavior indicates a potential security threat; and performing a remedial security action on a client device based on the predicted future variation in behavior.

公开(公告)号：US11032319B1

公开(公告)日：2021-06-08

申请号：US16119168

申请日：2018-08-31

申请人： Symantec Corporation

发明人： Kevin Roundy ,  Sandeep Bhatkar ,  Michael Rinehart ,  Xiaolin Wang

IPC分类号： H04L29/06 ,  G06F21/62 ,  G06F21/55 ,  G06N20/00 ,  G06F16/951

摘要： The disclosed computer-implemented method for preparing honeypot computer files may include (1) identifying, at a computing device, a search term used by a cyber attacker in an electronic search request, (2) identifying, without regard to a search access restriction, a sensitive computer document in search results stemming from the electronic search request, (3) creating, as a security action in response to the electronic search request, a honeypot computer file based on the sensitive computer document and including the identified search term, and (4) placing the honeypot computer file in the search results. Various other methods, systems, and computer-readable media are also disclosed.