Identifying evidence of attacks by analyzing log text

    Publication number: US10785243B1

    Publication date: 2020-09-22

    Application number: US16147467

    Application date: 2018-09-28

    IPC classification: H04L29/06 G06N3/08

    Abstract: Log text is encoded into a low dimensional feature vector. A temporal predictive model is constructed based on the low dimensional feature vector. The temporal predictive model is used to calculate probabilities of the occurrence of security incidents based on signature names from the log text encoded in the low dimensional feature vector. A preventative security action is automatically taken in response to the calculated probability of the occurrence of a specific security incident exceeding a given threshold.

    Systems and methods for categorizing security incidents

    Publication number: US10721264B1

    Publication date: 2020-07-21

    Application number: US16286774

    Application date: 2019-02-27

    IPC classification: H04L29/06 G06N20/00

    Abstract: The disclosed computer-implemented method for categorizing security incidents may include (i) generating, within a training dataset, a feature vector for each of a group of security incidents, the feature vector including features that describe the security incidents and the features including categories that were previously assigned to the security incidents as labels to describe the security incidents, (ii) training a supervised machine learning function on the training dataset such that the supervised machine learning function learns how to predict an assignment of future categories to future security incidents, (iii) assigning a category to a new security incident by applying the supervised machine learning function to a new feature vector that describes the new security incident, and (iv) notifying a client of the new security incident and the category assigned to the new security incident. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for managing computer security of client computing machines

    Publication number: US10574700B1

    Publication date: 2020-02-25

    Application number: US15281130

    Application date: 2016-09-30

    IPC classification: H04L29/06 H04L12/24

    Abstract: A computer-implemented method for managing computer security of client computing machines may include (i) monitoring a set of client computing devices, (ii) receiving security data on sets of security-related events from each client computing device in the set of client computing devices, (iii) clustering the sets of security-related events by calculating a dissimilarity value, for each set of security-related events, that indicates a uniqueness of the set of security-related events in relation to other sets of security-related events using a dissimilarity function and adjusting the dissimilarity function based on a homogeneity of clusters of sets of security-related events, (iv) determining, based on clustering the sets of security-related events by the dissimilarity value, that a set of security-related events comprises an anomaly, and (v) performing a security action in response to determining that the set of security-related events comprises the anomaly. Various other methods, systems, and computer-readable media are also disclosed.
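    The clustering step of this abstract, shown as an added example that is not the patent's code: each host's set of security-related events is compared with every other host's by a dissimilarity function (Jaccard distance here, one concrete choice), hosts below a dissimilarity threshold are merged by single-linkage clustering, and a host that ends up alone in its cluster is the anomaly that triggers a security action. Host names, event names and the threshold are constructed; the feedback step that adjusts the dissimilarity function from cluster homogeneity is not shown.

```python
"""Cluster hosts by the dissimilarity of their security-event sets and treat
a host that ends up alone in its cluster as an anomaly.

Added illustration, not the patent's code. Host names and event names are
constructed; Jaccard distance with single-linkage clustering is one concrete
choice of dissimilarity function and clustering method.
"""
from itertools import combinations

# Constructed: the set of security-related event types seen on each host.
HOST_EVENTS = {
    "host01": {"AV.Quarantine", "FW.Block.Outbound"},
    "host02": {"AV.Quarantine", "FW.Block.Outbound"},
    "host03": {"AV.Quarantine"},
    "host04": {"AV.Quarantine", "FW.Block.Outbound", "USB.Insert"},
    "host05": {"Login.Fail.Burst", "Priv.Escalation", "SchedTask.Create", "LSASS.Access"},
}


def jaccard_dissimilarity(a, b):
    """1 - |a & b| / |a | b|; 0 for identical sets, 1 for disjoint ones."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)


def uniqueness(host, sets):
    """Dissimilarity value for a host: distance to its nearest other host."""
    return min(jaccard_dissimilarity(sets[host], sets[other])
               for other in sets if other != host)


def cluster(sets, threshold):
    """Single-linkage clustering via union-find: two hosts whose dissimilarity
    is below threshold end up in the same cluster (transitively)."""
    parent = {h: h for h in sets}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]        # path halving
            x = parent[x]
        return x

    for a, b in combinations(sets, 2):
        if jaccard_dissimilarity(sets[a], sets[b]) < threshold:
            parent[find(a)] = find(b)
    groups = {}
    for h in sets:
        groups.setdefault(find(h), set()).add(h)
    # largest cluster first, ties broken by the smallest member name
    return sorted(groups.values(), key=lambda g: (-len(g), min(g)))


def find_anomalies(sets, threshold=0.6):
    """Hosts whose event set is unlike every other host's: singleton clusters."""
    return sorted(h for group in cluster(sets, threshold)
                  if len(group) == 1 for h in group)


if __name__ == "__main__":
    for host in HOST_EVENTS:
        print(f"{host} uniqueness={uniqueness(host, HOST_EVENTS):.2f}")
    print("anomalies:", find_anomalies(HOST_EVENTS))
```

    With these inputs host03 is only 0.5 away from host01 and so joins the large cluster even though its set is a strict subset; host05 shares nothing with anyone, has uniqueness 1.0, and is reported alone. The threshold is the knob the abstract's homogeneity feedback would tune.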

    Systems and methods for detecting security incidents

    Publication number: US10530805B1

    Publication date: 2020-01-07

    Application number: US15679131

    Application date: 2017-08-16

    IPC classification: H04L29/06

    Abstract: The disclosed computer-implemented method for detecting security incidents may include (i) collecting, by a security server, security information describing security events detected on at least one client device, (ii) generating, based on the collected security information, a mathematical graph that includes a set of nodes designating machine-windows of data and a set of nodes designating detected security events, (iii) executing a random-walk-with-restart algorithm on the generated mathematical graph to sort the set of nodes designating machine-windows of data in terms of relevance to a set of ground truth nodes that indicate confirmed security threats, and (iv) performing a remedial security action to protect a user in response to detecting a candidate security threat based on sorting the set of nodes designating machine-windows of data by executing the random-walk-with-restart algorithm. Various other methods, systems, and computer-readable media are also disclosed.
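    The graph construction and random-walk-with-restart ranking from this abstract, as an added example rather than the patent's code: machine-windows (one host in one time window) and detected events are the two node types of a bipartite graph; a walker starts at the ground-truth nodes (confirmed threats), steps to a random neighbour with probability 1 - restart and jumps back to a ground-truth node with probability restart; its stationary visit probability ranks the other machine-windows by how closely they share events with confirmed incidents. Hostnames, window identifiers, event names and the restart probability are constructed.

```python
"""Rank machine-windows by relevance to confirmed threats using random walk
with restart (RWR) on a bipartite graph.

Added illustration, not the patent's code. The graph, the hostnames, the
window identifiers and the event names are constructed for this example.
"""
from collections import defaultdict

# Constructed telemetry: (machine-window, detected security event).
# A machine-window is one host observed during one time window.
EVENTS = [
    ("hostA:w1", "SIG_CRED_DUMP"),
    ("hostA:w1", "SIG_REMOTE_EXEC"),
    ("hostA:w2", "SIG_REMOTE_EXEC"),
    ("hostB:w1", "SIG_REMOTE_EXEC"),
    ("hostB:w1", "SIG_PASS_THE_HASH"),
    ("hostC:w1", "SIG_ADWARE"),
    ("hostC:w2", "SIG_ADWARE"),
    ("hostD:w1", "SIG_ADWARE"),
    ("hostD:w1", "SIG_BROWSER_TOOLBAR"),
]


def build_graph(events):
    """Undirected bipartite graph: machine-window nodes <-> event nodes."""
    adj = defaultdict(set)
    for mw, ev in events:
        adj[mw].add(ev)
        adj[ev].add(mw)
    return adj


def random_walk_with_restart(adj, seeds, restart=0.3, max_iter=200, tol=1e-10):
    """Stationary visit probabilities of a walker that, at each step, either
    moves to a uniformly chosen neighbour (prob 1-restart) or jumps back to a
    uniformly chosen seed node (prob restart). Seeds are the ground-truth
    nodes (confirmed threats); nodes close to them score high."""
    nodes = list(adj)
    seeds = [s for s in seeds if s in adj]
    if not seeds:
        raise ValueError("no seed node present in the graph")
    restart_vec = {n: (1.0 / len(seeds) if n in seeds else 0.0) for n in nodes}
    p = dict(restart_vec)
    for _ in range(max_iter):
        spread = {n: 0.0 for n in nodes}
        for n in nodes:
            share = p[n] / len(adj[n])           # degree-normalised step
            for m in adj[n]:
                spread[m] += share
        new = {n: (1 - restart) * spread[n] + restart * restart_vec[n] for n in nodes}
        delta = sum(abs(new[n] - p[n]) for n in nodes)
        p = new
        if delta < tol:
            break
    return p


def rank_machine_windows(events, ground_truth):
    """Sort non-seed machine-windows by RWR score, highest first.
    Returns a list of (machine_window, score)."""
    adj = build_graph(events)
    scores = random_walk_with_restart(adj, set(ground_truth))
    windows = {mw for mw, _ in events}
    candidates = [(mw, scores[mw]) for mw in windows if mw not in ground_truth]
    return sorted(candidates, key=lambda item: -item[1])


if __name__ == "__main__":
    # hostA in window 1 is a confirmed incident; what else looks like it?
    for mw, score in rank_machine_windows(EVENTS, {"hostA:w1"}):
        print(f"{mw:10s} {score:.4f}")
```

    With hostA:w1 confirmed, hostB:w1 ranks first (it shares SIG_REMOTE_EXEC and has a second credential-theft event feeding mass back to it), hostA:w2 second, and the adware-only hosts score exactly zero because the walk never reaches their component. Without the restart term the walk would diffuse evenly over the whole connected component and lose the notion of proximity to the seeds.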

    Systems and methods for detecting security threats

    Publication number: US10003606B2

    Publication date: 2018-06-19

    Application number: US15084522

    Application date: 2016-03-30

    IPC classification: G06F11/00 H04L29/06 G06F21/55

    Abstract: The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.
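    One way to build and query the association database this abstract describes (the same invention also appears below as published application US20170289178A1), as an added example and not the patent's code: on hosts that ran both an endpoint agent and a network sensor, count how often each endpoint signature co-occurred with each network-sensor signature for the same incident; later, on a host that has only the endpoint agent, deduce the network-sensor signatures with high enough conditional probability and support, and act on them. Product prefixes, signature names, the history and the action mapping are constructed.

```python
"""Deduce what a second security product would have reported, from what the
installed product did report, using a co-occurrence association database.

Added illustration, not the patent's code. Product names, signature names
and the history below are constructed.
"""
from collections import Counter, defaultdict


class AssociationDB:
    """Counts how often a signature from product A co-occurred with each
    signature from product B on hosts that ran both products."""

    def __init__(self):
        self.a_total = Counter()                 # a_sig -> incidents with a_sig
        self.co = defaultdict(Counter)           # a_sig -> Counter(b_sig)

    def add_incident(self, a_sigs, b_sigs):
        for a in a_sigs:
            self.a_total[a] += 1
            for b in b_sigs:
                self.co[a][b] += 1

    def deduce(self, a_sigs, min_support=2, min_confidence=0.5):
        """Return {b_sig: confidence} for B signatures that predictably fire
        alongside the observed A signatures. confidence = P(b | a)."""
        deduced = {}
        for a in a_sigs:
            n = self.a_total[a]
            if n < min_support:                  # too little history to trust
                continue
            for b, c in self.co[a].items():
                conf = c / n
                if conf >= min_confidence:
                    deduced[b] = max(deduced.get(b, 0.0), conf)
        return deduced


# Constructed history from hosts that ran both an endpoint agent (EPP.*)
# and a network sensor (IPS.*): signatures each raised for the same incident.
HISTORY = [
    ({"EPP.Trojan.Gen.A"}, {"IPS.C2.Beacon.X"}),
    ({"EPP.Trojan.Gen.A"}, {"IPS.C2.Beacon.X"}),
    ({"EPP.Trojan.Gen.A"}, {"IPS.SMB.Lateral"}),
    ({"EPP.Ransom.Gen"}, {"IPS.SMB.Lateral"}),
    ({"EPP.Ransom.Gen"}, {"IPS.SMB.Lateral", "IPS.C2.Tor"}),
    ({"EPP.PUA.Toolbar"}, set()),
]


def build_db(history=HISTORY):
    db = AssociationDB()
    for a_sigs, b_sigs in history:
        db.add_incident(a_sigs, b_sigs)
    return db


def protective_actions(deduced):
    """Map deduced network-sensor signatures to actions on a host that has no
    network sensor installed. Constructed mapping for the example."""
    actions = set()
    for b_sig in deduced:
        if b_sig.startswith("IPS.C2."):
            actions.add("block-egress")
        elif b_sig.startswith("IPS.SMB."):
            actions.add("isolate-host")
    return sorted(actions)


if __name__ == "__main__":
    db = build_db()
    # Endpoint-only host reports a ransomware signature; what would the
    # (absent) network sensor have seen, and what should we do about it?
    deduced = db.deduce({"EPP.Ransom.Gen"})
    print(deduced, protective_actions(deduced))
```

    The support floor matters: EPP.PUA.Toolbar was seen once, so nothing is deduced from it rather than a spurious association with confidence 1.0, and a signature never seen in the joint history yields an empty result rather than a guess.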

    Detection of malware using time spans and periods of activity for network requests

    Publication number: US09692772B2

    Publication date: 2017-06-27

    Application number: US15018758

    Application date: 2016-02-08

    Abstract: A method to identify machines infected by malware is provided. The method includes determining whether a uniform resource locator in a network request is present in a first cache and determining whether a fully qualified domain name from the uniform resource locator is present in a second cache. The method includes evaluating a parent hostname as to suspiciousness. The method includes indicating the computing device has a likelihood of infection, responsive to one of: the uniform resource locator being present in the first cache with a first indication of suspiciousness, the fully qualified domain name being present in the second cache with a second indication of suspiciousness, or the evaluating the parent hostname having a third indication of suspiciousness, wherein at least one method operation is performed by the processor. A system and computer readable media are provided.
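    The three-stage check in this abstract, as an added example that is not the patent's code: look the exact URL up in a first verdict cache, then the FQDN in a second, then evaluate the parent hostname; any suspicious indication marks the device as likely infected. The cache contents, the bad-parent list and the URLs are constructed, and the parent is approximated as the last two labels (a real check would use the public suffix list). Treating a cached benign verdict as the end of evaluation is a design choice made here, not something the abstract specifies.

```python
"""Three-stage check for a network request: URL verdict cache, FQDN verdict
cache, then evaluation of the parent hostname.

Added illustration, not the patent's code. The cache contents, the bad
parent-domain list and the URLs are constructed; real deployments fill the
caches from reputation services and use the public suffix list to find the
registrable parent.
"""
from urllib.parse import urlsplit

SUSPICIOUS, BENIGN = True, False

# Constructed verdict caches keyed by exact URL and by FQDN.
URL_CACHE = {
    "http://cdn-update.example-bad.test/payload.bin": SUSPICIOUS,
    "https://www.example.com/index.html": BENIGN,
}
FQDN_CACHE = {
    "cdn-update.example-bad.test": SUSPICIOUS,
    "www.example.com": BENIGN,
}
# Constructed parent domains with a bad reputation.
BAD_PARENTS = {"example-bad.test", "dga-zone.test"}


def parent_hostname(fqdn):
    """Registrable parent of an FQDN, approximated as the last two labels
    (a.b.example.com -> example.com). A production check would consult the
    public suffix list so that e.g. host.example.co.uk -> example.co.uk."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def evaluate_parent(fqdn):
    """Third indication: does the parent hostname have a bad reputation?"""
    return parent_hostname(fqdn) in BAD_PARENTS


def classify_request(url, url_cache=URL_CACHE, fqdn_cache=FQDN_CACHE):
    """Return (likely_infected, reason). A cached benign verdict at either
    cache level ends the evaluation as clean (design choice here, to avoid
    re-evaluating known-good traffic); an unknown URL or FQDN falls through
    to the next stage."""
    fqdn = (urlsplit(url).hostname or "").lower()
    if url in url_cache:
        return (True, "url-cache") if url_cache[url] else (False, "url-cache-benign")
    if fqdn in fqdn_cache:
        return (True, "fqdn-cache") if fqdn_cache[fqdn] else (False, "fqdn-cache-benign")
    if fqdn and evaluate_parent(fqdn):
        return True, "parent-hostname"
    return False, "no-indicator"


def infection_indicators(urls):
    """(url, reason) for every request of a device that produced an indication."""
    return [(url, reason) for url in urls
            for infected, reason in (classify_request(url),) if infected]


if __name__ == "__main__":
    # Constructed requests from one device.
    requests = [
        "http://cdn-update.example-bad.test/payload.bin",
        "http://cdn-update.example-bad.test/other.bin",
        "http://x7q2k.dga-zone.test/a",
        "https://www.example.com/about",
        "https://news.example.org/",
    ]
    for url, reason in infection_indicators(requests):
        print(f"{reason:16s} {url}")
```

    Each stage catches what the previous one missed: a new path on a known-bad host misses the URL cache but hits the FQDN cache, and a never-seen subdomain of a bad parent misses both caches and is caught only by the parent evaluation, which is what makes the third stage useful against hosts that rotate subdomains.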

    Techniques for providing event driven notifications

    Publication number: US10142213B1

    Publication date: 2018-11-27

    Application number: US14492960

    Application date: 2014-09-22

    Abstract: Techniques for providing event driven notifications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing event driven notifications comprising monitoring an electronic media feed for an event associated with a specified criterion, identifying, using at least one computer processor, a plurality of events in the electronic media feed, filtering the plurality of events, identifying an event of the plurality of events matching a specified location, and providing a notification associated with the identified event.

    Systems and methods for detecting security threats

    Publication number: US20170289178A1

    Publication date: 2017-10-05

    Application number: US15084522

    Application date: 2016-03-30

    IPC classification: H04L29/06

    Abstract: The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.

    Method to Detect Malicious Behavior by Computing the Likelihood of Data Accesses
    Invention application; status: under examination, published

    Publication number: US20160306967A1

    Publication date: 2016-10-20

    Application number: US14690171

    Application date: 2015-04-17

    IPC classification: G06F21/56

    Abstract: A method, performed by a processor to detect malicious or risky data accesses is provided. The method includes modeling user accesses to a content repository as to probability of a user accessing data in the content repository, based on a history of user accesses to the content repository. The method includes scoring a singular user access to the content repository, based on probability of access according to the modeling and alerting in accordance with the scoring.
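    One simple realisation of the model, score and alert steps in this abstract, as an added example and not the patent's code: each user's history is reduced to Laplace-smoothed frequencies over repository folders, a single access is scored by its surprise (-log2 of the modelled probability), and an alert fires when the surprise exceeds a threshold. Users, paths, the history and the threshold are constructed; folder-level modelling and the smoothing scheme are choices made here.

```python
"""Score a single repository access by how unlikely it is given the user's
own access history, and alert when the surprise is high.

Added illustration, not the patent's code. The repository paths, users and
history are constructed; the model (Laplace-smoothed per-user folder
frequencies) is one simple way to realise the 'probability of access'
the abstract describes, not necessarily the patent's.
"""
import math
from collections import Counter, defaultdict


def folder_of(path):
    """Model accesses at folder granularity so one new file in a familiar
    folder is not itself an anomaly. Paths without a directory map to '/'."""
    head, sep, _ = path.rpartition("/")
    return head if sep and head else "/"


class AccessModel:
    def __init__(self, history, alpha=1.0):
        self.alpha = alpha                       # Laplace smoothing weight
        self.per_user = defaultdict(Counter)     # user -> Counter(folder)
        self.folders = set()
        for user, path in history:
            folder = folder_of(path)
            self.per_user[user][folder] += 1
            self.folders.add(folder)

    def probability(self, user, path):
        """P(folder | user), smoothed so unseen folders get small but nonzero
        mass. The +1 in the vocabulary size reserves mass for never-seen
        folders; a user with no history gets a flat 1/vocab."""
        counts = self.per_user.get(user, Counter())
        total = sum(counts.values())
        vocab = len(self.folders) + 1
        return (counts[folder_of(path)] + self.alpha) / (total + self.alpha * vocab)

    def score(self, user, path):
        """Surprise in bits: -log2 P. Higher means less expected."""
        return -math.log2(self.probability(user, path))


def should_alert(model, user, path, threshold_bits=4.0):
    return model.score(user, path) >= threshold_bits


# Constructed history: alice works in finance folders, bob in source code.
HISTORY = (
    [("alice", f"/finance/q1/report{i}.xlsx") for i in range(20)]
    + [("alice", f"/finance/q2/forecast{i}.xlsx") for i in range(10)]
    + [("bob", f"/eng/src/module{i}.py") for i in range(30)]
)

if __name__ == "__main__":
    model = AccessModel(HISTORY)
    for user, path in [("alice", "/finance/q1/report99.xlsx"),
                       ("alice", "/hr/salaries/2015.xlsx"),
                       ("bob", "/finance/q1/report1.xlsx"),
                       ("carol", "/finance/q1/report1.xlsx")]:
        print(f"{user:6s} {path:28s} {model.score(user, path):5.2f} bits "
              f"{'ALERT' if should_alert(model, user, path) else 'ok'}")
```

    A first access to an unfamiliar folder by a user with a long, concentrated history scores above 5 bits and alerts; a new file in that user's usual folder scores well under 1 bit. The cold-start case is the known weakness of a purely per-user model: carol has no history, so every folder is equally (un)likely at 2 bits and nothing alerts, which is why deployments typically back a per-user model with a peer-group or global one.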
