FIELD: computer engineering.
SUBSTANCE: a behavioural computer security system protects clients and networks from threats such as malware and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients; each client profile represents a subset of the protected machines and indicates the normal or baseline usage pattern of the machines assigned to that profile. A client profile may group together machines that have similar event statistics. After training, events detected on a client are selectively analysed against the client profile associated with that client to detect anomalous behaviour. In some embodiments, individual events are analysed in the context of other events using a multi-dimensional event embedding space.
EFFECT: increased level of detection of computer security threats, such as malware and intrusion.
21 cl, 1 tbl, 17 dwg
Title | Year | Author | Number |
---|---|---|---|
SYSTEMS AND METHODS FOR DETECTING BEHAVIOURAL THREATS | 2019 | | RU2772549C1 |
SYSTEMS AND METHODS FOR DETECTING BEHAVIOURAL THREATS | 2019 | | RU2778630C1 |
COMPUTER SYSTEM AND METHOD FOR DETECTING MALWARE USING MACHINE LEARNING | 2021 | | RU2802860C1 |
SYSTEMS AND METHODS FOR REPORTING COMPUTER SECURITY INCIDENTS | 2019 | | RU2757597C1 |
METHOD AND SYSTEM FOR MACHINE LEARNING OF HIERARCHICALLY ORGANIZED PURPOSEFUL BEHAVIOR | 2019 | | RU2755935C2 |
SYSTEMS AND METHODS FOR TRANSLATING NATURAL LANGUAGE SENTENCES INTO DATABASE QUERIES | 2019 | | RU2792579C2 |
METHOD OF SEARCHING FOR USERS MEETING REQUIREMENTS | 2019 | | RU2739873C2 |
CASCADE CLASSIFIER FOR THE COMPUTER SECURITY APPLICATIONS | 2016 | | RU2680738C1 |
METHOD AND SYSTEM FOR WARNING ABOUT UPCOMING ANOMALIES IN THE DRILLING PROCESS | 2021 | | RU2772851C1 |
SYSTEMS AND METHODS FOR USING DNS MESSAGES FOR SELECTIVE COLLECTION OF COMPUTER FORENSIC DATA | 2020 | | RU2776349C1 |
Dates
2023-09-12—Published
2019-12-10—Filed