METHOD AND APPARATUS FOR IDENTIFYING AND DETECTING THREATS TO AN ENTERPRISE OR E-COMMERCE SYSTEM

摘要

Methods and apparatuses for identifying and detecting threats to an enterprise or e-commerce system are disclosed, including grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical models on the one or more features tables to identify statistical outliers; labeling the statistical outliers to create one or more labeled features tables; using the one or more labeled features tables to create one or more rules for identifying threats to the enterprise or e-commerce system; and using the one or more rules on incoming enterprise or e-commerce system data traffic to detect threats to the enterprise or e-commerce system. Other embodiments are described and claimed.

主权项

1. A method for identifying and detecting threats to an enterprise or e-commerce system, the method comprising:
grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical models on the one or more features tables to identify statistical outliers; labeling, in response to received instructions, the statistical outliers to create one or more labeled features tables; and using the one or more labeled features tables to create one or more adaptive rules for performing at least one of:
further refining statistical models for identification of statistical outliers; andpreventing access by categorized threats to the enterprise or e-commerce system.