Graph-based attack chain discovery in enterprise security systems
Abstract
Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated based on the monitored system data that characterizes the tendency of processes to access system targets. Kill chains are generated that connect malicious events over a span of time from the event correlation graph that characterize events in an attack path over time by sorting events according to a maliciousness value and determining at least one sub-graph within the event correlation graph with an above-threshold maliciousness rank. A security management action is performed based on the kill chains.