METHOD FOR PROCESSING INFORMATION SECURITY EVENTS PRIOR TO TRANSMISSION FOR ANALYSIS. Russian patent published in 2021. IPC: G06F21/55, G06N20/00

Abstract RU 2762528 C1

FIELD: computing technology.

SUBSTANCE: a server-implemented method for processing information security events (hereinafter, events) prior to transmission for analysis. Events are received, each comprising at least one security notification from a security tool installed on the user's computer apparatus. A verdict is issued for each event by applying a trained machine learning model to determine the probability of false triggering: a "false triggering" verdict is issued if that probability exceeds the preset first threshold, otherwise an "information security incident" (hereinafter, "incident") verdict is issued. For a certain part of the events (hereinafter, the first set of events) the "false triggering" verdict is changed to the "incident" verdict; the first set is selected, in particular, randomly among the events with the "false triggering" verdict. Finally, the events with the lowest probability of false triggering are selected and sent for analysis to the analytical centre, so that the number of events sent does not exceed the preset fifth threshold.

EFFECT: reduction in the amount of events sent for analysis.

15 claims, 7 drawings
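The verdict, random re-labelling and capped selection steps described in the abstract, as an added Python example that is not part of the patent or its text. It assumes each event already carries the trained model's probability of false triggering, and treats the fifth threshold as a cap on the "incident"-verdict events sent (the re-labelled first set gets no priority over that cap; the abstract does not say either way).

```python
import random
from dataclasses import dataclass

FALSE_TRIGGERING = "false triggering"
INCIDENT = "incident"

@dataclass
class Event:
    event_id: str
    p_false: float   # probability of false triggering from the trained model (assumed precomputed)
    verdict: str = ""

def issue_verdicts(events, first_threshold):
    """Step 1: 'false triggering' if p_false exceeds the first threshold, otherwise 'incident'."""
    for ev in events:
        ev.verdict = FALSE_TRIGGERING if ev.p_false > first_threshold else INCIDENT
    return events

def relabel_first_set(events, first_set_size, rng):
    """Step 2: pick the first set at random among 'false triggering' events and relabel as 'incident'."""
    candidates = [ev for ev in events if ev.verdict == FALSE_TRIGGERING]
    first_set = rng.sample(candidates, min(first_set_size, len(candidates)))
    for ev in first_set:
        ev.verdict = INCIDENT
    return [ev.event_id for ev in first_set]

def select_for_analysis(events, fifth_threshold):
    """Step 3: of the 'incident' events, send those with the lowest p_false, at most fifth_threshold."""
    incidents = sorted((ev for ev in events if ev.verdict == INCIDENT),
                       key=lambda ev: (ev.p_false, ev.event_id))   # id breaks ties deterministically
    return [ev.event_id for ev in incidents[:fifth_threshold]]

def process_events(events, first_threshold, first_set_size, fifth_threshold, seed=0):
    """Run the three steps; returns (ids relabelled in step 2, ids sent for analysis)."""
    rng = random.Random(seed)   # seeded only so that the sample run is reproducible
    issue_verdicts(events, first_threshold)
    relabelled = relabel_first_set(events, first_set_size, rng)
    return relabelled, select_for_analysis(events, fifth_threshold)

def sample_events():
    """Constructed sample: eight events with made-up model probabilities."""
    probs = {"e1": 0.02, "e2": 0.15, "e3": 0.40, "e4": 0.55,
             "e5": 0.70, "e6": 0.85, "e7": 0.93, "e8": 0.99}
    return [Event(eid, p) for eid, p in probs.items()]

if __name__ == "__main__":
    relabelled, sent = process_events(sample_events(), first_threshold=0.5, first_set_size=1, fifth_threshold=3)
    print("relabelled to incident:", relabelled)
    print("sent for analysis:", sent)
```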

Similar patents RU2762528C1

Title (year), patent number, authors:

METHOD FOR ADJUSTING THE PARAMETERS OF A MACHINE LEARNING MODEL IN ORDER TO IDENTIFY FALSE TRIGGERING AND INFORMATION SECURITY INCIDENTS (2020), RU2763115C1
  • Filonov Pavel Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Udimov Daniil Alekseevich

SYSTEM AND METHOD OF DETECTING THE SIGNS OF COMPUTER ATTACKS (2017), RU2661533C1
  • Gordejchik Sergej Vladimirovich
  • Sapronov Konstantin Vladimirovich
  • Parshin Yurij Gennadevich
  • Kheirkhabarov Tejmur Samedovich
  • Soldatov Sergej Vladimirovich

SYSTEM AND METHOD OF CORRELATING EVENTS FOR DETECTING INFORMATION SECURITY INCIDENT (2019), RU2739864C1
  • Lyukshin Ivan Stanislavovich
  • Kiryukhin Andrej Aleksandrovich
  • Lukiyan Dmitrij Sergeevich
  • Filonov Pavel Vladimirovich

METHOD FOR FILTERING EVENTS FOR TRANSMISSION TO REMOTE DEVICE (2022), RU2813239C1
  • Pintiiskii Vladislav Valerevich
  • Tarakanov Dmitrii Vladimirovich
  • Shulmin Aleksei Sergeevich
  • Ovcharik Vladislav Ivanovich
  • Kuskov Vladimir Anatolevich

SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD (2018), RU2697954C2
  • Gordejchik Sergej Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Sapronov Konstantin Vladimirovich

SYSTEM AND METHOD FOR IDENTIFYING MALICIOUS FILES (2017), RU2673407C1
  • Gordejchik Sergej Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Sapronov Konstantin Vladimirovich

METHOD FOR IDENTIFYING INFORMATION SECURITY THREATS (OPTIONS) (2023), RU2802539C1
  • Sergeev Viktor Gennadevich
  • Skablonskii Andrei Vadimovich
  • Vorontsov Dmitrii Viktorovich
  • Spravtsev Iurii Vladimirovich

SYSTEM AND METHOD FOR DETERMINING THE LEVEL OF DANGER OF INFORMATION SECURITY EVENTS (2022), RU2800739C1
  • Zaitsev Oleg Vladimirovich

SYSTEM AND METHOD FOR DETERMINING THE FILE TRUST LEVEL (2019), RU2750628C2
  • Zagorskij Sergej Gennadevich
  • Shvetsov Dmitrij Vladimirovich

SYSTEM AND METHOD OF DETECTING DIRECTED ATTACK ON CORPORATE INFRASTRUCTURE (2013), RU2587426C2
  • Polyakov Aleksej Aleksandrovich
  • Sapronov Konstantin Vladimirovich

RU 2 762 528 C1

Authors

Filonov Pavel Vladimirovich

Soldatov Sergej Vladimirovich

Udimov Daniil Alekseevich

Dates

Published: 2021-12-21

Filed: 2020-06-19