DETECTING ZERO-DAY ATTACKS WITH UNKNOWN SIGNATURES VIA MINING CORRELATION IN BEHAVIORAL CHANGE OF ENTITIES OVER TIME
Abstract
Zero-day attacks with unknown attack signatures are detected by correlating behavior differences of a plurality of entities. An entity baseline behavior is determined for each entity of the plurality of entities (310); the entity baseline behavior includes multiple variables. An entity behavior difference is determined for each entity at a series of points in time (320). Correlations between the entity behavior differences for the plurality of entities are determined at the series of points in time (330). Based on these correlations, it is determined whether the plurality of entities is exhibiting coordinated behavior differences (340). An attack signature is determined based on the entity behavior differences and the correlations (350). A database of attack signatures is generated (360).
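The following sketch walks through steps 310 to 340 of the abstract. It is an added example, not code from the patent. It assumes a z-score norm as the "behavior difference", Pearson correlation as the correlation measure, and a threshold of 0.7; the host names, variables and data are constructed.

```python
import math, random, statistics
from itertools import combinations

def baseline(history):
    """Step 310: per-variable (mean, stdev) from an entity's quiet-period samples."""
    return [(statistics.fmean(c), statistics.pstdev(c) or 1.0) for c in zip(*history)]

def difference(sample, base):
    """Step 320: scalar deviation of one multi-variable sample (assumed: z-score norm)."""
    return math.sqrt(sum(((x - m) / s) ** 2 for x, (m, s) in zip(sample, base)))

def pearson(a, b):
    """Step 330: correlation between two entities' difference series."""
    ma, mb = statistics.fmean(a), statistics.fmean(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0

def coordinated_entities(histories, observations, r_min=0.7):
    """Step 340: entities whose difference series correlate >= r_min with another's."""
    diffs = {}
    for e, series in observations.items():
        base = baseline(histories[e])
        diffs[e] = [difference(s, base) for s in series]
    flagged = set()
    for a, b in combinations(sorted(diffs), 2):
        if pearson(diffs[a], diffs[b]) >= r_min:
            flagged |= {a, b}
    return sorted(flagged), diffs

def make_constructed_data(seed=7):
    """Constructed sample: 5 hosts, 3 variables; h0-h2 shift variable 1 at t=30..44."""
    rng = random.Random(seed)
    means = (50.0, 20.0, 5.0)  # hypothetical: connections, DNS queries, MB sent
    def sample():
        return [rng.gauss(m, 2.0) for m in means]
    hist = {f"h{i}": [sample() for _ in range(200)] for i in range(5)}
    obs = {}
    for i in range(5):
        series = [sample() for _ in range(60)]
        if i < 3:
            for t in range(30, 45):
                series[t][1] += 16.0  # same 8-sigma shift in the same window
        obs[f"h{i}"] = series
    return hist, obs

if __name__ == "__main__":
    hist, obs = make_constructed_data()
    group, _ = coordinated_entities(hist, obs)
    print("coordinated:", group)
```

No single host's shift needs to match a known signature here; the group is flagged because the deviations from each host's own baseline rise and fall together.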