Title of invention: Systems and Methods for Detecting and Reacting to Malicious Activity in Computer Networks
Abstract: Described herein are systems and methods for performing potentially malicious activity detection operations. Embodiments may include receiving data associated with a plurality of authentication messages; analyzing the received data associated with the plurality of authentication messages; determining, based on the analyzing, a plurality of characteristics of the data associated with the authentication messages; receiving data associated with a new authentication message communicated over the network; determining a plurality of characteristics of the data associated with the new authentication message; comparing at least one determined characteristic of the new authentication message data with at least one of: a determined characteristic of the plurality of authentication messages data, known valid data, and known invalid data; and generating, based on the comparison, an assessment of whether the new authentication message is indicative of the potentially malicious activity in the network.
Publication number: US2016330220(A1)   Publication date: 2016.11.10
Application number: US201615147428   Filing date: 2016.05.05
Applicant: Cyber-Ark Software Ltd.   Inventors: Dulkin Andrey; Lazarovitz Lavi
Classification: H04L29/06   Main classification: H04L29/06
Agency:   Agent:
Independent claim: 1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for detecting potentially malicious activity, comprising: receiving data associated with a plurality of authentication messages, wherein at least some of the received data includes secure ticket data, the authentication messages having been communicated over a network; analyzing the received data associated with the plurality of authentication messages; determining, based on the analyzing, a plurality of characteristics of the data associated with the authentication messages, wherein a characteristic from the plurality of characteristics includes the secure ticket data; receiving data associated with a new authentication message communicated over the network; determining a plurality of characteristics of the data associated with the new authentication message; comparing at least one determined characteristic of the new authentication message data with at least one of: a determined characteristic of the plurality of authentication messages data, known valid data, and known invalid data; and generating, based on the comparison, an assessment of whether the new authentication message is indicative of the potentially malicious activity in the network.
Address: Petach-Tikva IL
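The detection flow described in the abstract and claim (baseline characteristics of past authentication messages, then compare a new message against that baseline, known valid data and known invalid data) as an added illustration; this is not code from the patent or from Cyber-Ark, and the message fields, sample records and known valid/invalid values are constructed assumptions.

```python
"""Baseline-and-compare assessment of authentication (ticket) messages.

Added example, not the patent's or applicant's code. Field names,
sample records and the known valid/invalid sets below are assumptions.
"""
from collections import Counter

# Constructed history of authentication messages carrying ticket characteristics.
HISTORY = [
    {"user": "alice", "src": "ws-01", "enc_type": "aes256", "lifetime_h": 10},
    {"user": "alice", "src": "ws-01", "enc_type": "aes256", "lifetime_h": 10},
    {"user": "bob",   "src": "ws-02", "enc_type": "aes256", "lifetime_h": 10},
    {"user": "bob",   "src": "ws-02", "enc_type": "aes128", "lifetime_h": 10},
]
# Assumed known valid / known invalid characteristic values.
KNOWN_VALID = {"enc_type": {"aes256", "aes128"}}
KNOWN_INVALID = {"enc_type": {"rc4"}, "lifetime_h": {87600}}  # e.g. a ten-year ticket

CHARACTERISTICS = ("src", "enc_type", "lifetime_h")

def baseline(messages):
    """Per-user counters of the values observed for each characteristic."""
    base = {}
    for m in messages:
        per_user = base.setdefault(m["user"], {})
        for key in CHARACTERISTICS:
            per_user.setdefault(key, Counter())[m[key]] += 1
    return base

def assess(message, base):
    """Return (verdict, reasons) for a new message.

    Each characteristic is checked against known invalid data first, then
    known valid data, and otherwise against the user's own baseline.
    """
    reasons = []
    seen = base.get(message["user"], {})
    for key in CHARACTERISTICS:
        value = message[key]
        if value in KNOWN_INVALID.get(key, set()):
            reasons.append(f"{key}={value} is known invalid")
        elif value in KNOWN_VALID.get(key, set()):
            continue  # explicitly known good: no baseline check needed
        elif value not in seen.get(key, Counter()):
            reasons.append(f"{key}={value} never seen for {message['user']}")
    if any("known invalid" in r for r in reasons):
        return "malicious", reasons
    return ("suspicious" if reasons else "benign"), reasons
```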