Title of invention: DIFFERENTIAL DEPENDENCY TRACKING FOR ATTACK FORENSICS
Abstract: Methods and systems for intrusion attack recovery include monitoring (502) two or more hosts in a network to generate audit logs of system events. One or more dependency graphs (DGraphs) is generated (504) based on the audit logs. A relevancy score for each edge of the DGraphs is determined (510). Irrelevant events from the DGraphs are pruned (510) to generate a condensed backtracking graph. An origin is located by backtracking (512) from an attack detection point in the condensed backtracking graph.
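Application publication number: WO2016057994(A1) Application publication date: 2016.04.14
Application number: WO2015US55137 Filing date: 2015.10.12
Applicant: NEC LABORATORIES AMERICA, INC. Inventors: LI, ZHICHUN; WU, ZHENYU; QIAN, ZHIYUN; JIANG, GUOFEI; AKHOONDI, MASOUD; KUSANO, MARKUS
Classification: H04L29/06; H04L12/26 Main classification: H04L29/06
Agency: Agent:
Principal claim:
Address: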