摘要 |
<p>A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed.</p> |
申请人 |
SYMANTEC CORPORATION |
发明人 |
ROUNDY, KEVIN ALEJANDRO;GUO, FANGLU;BHATKAR, SANDEEP;CHENG, TAO;FU, JIE;LI, ZHI KAI;SHOU, DARREN;SAWHNEY, SANJAY;TAMERSOY, ACAR;KHALIL, ELIAS |