17767558. INFORMATION PROCESSING DEVICE, DISPLAY METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM simplified abstract (NEC Corporation)
INFORMATION PROCESSING DEVICE, DISPLAY METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM
Organization Name
Inventor(s)
Masafumi Watanabe of Tokyo (JP)
INFORMATION PROCESSING DEVICE, DISPLAY METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A simplified explanation of the abstract
This abstract first appeared for US patent application 17767558 titled 'INFORMATION PROCESSING DEVICE, DISPLAY METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM'.
Simplified Explanation
The abstract of the patent application describes an information processing device that receives anomalies detected by a monitoring device in a control system, collates the anomalies with predetermined conditions, determines if they match attack procedures, and extracts relevant events from specified attack procedures.
- Anomaly receiving means: Receives anomalies detected by a monitoring device.
- Collating means: Determines if anomalies match predetermined collating conditions for attack procedures.
- Further second determination: Checks if events in predefined attack procedures match collating conditions.
- Specifying attack procedure: Identifies attack procedures containing matching events.
- Extracting means: Extracts events matching predetermined extraction conditions from specified attack procedures.
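The two determinations and the extraction step listed above, as an added Python example that is not taken from the patent application. The condition names, attack procedures, anomaly fields and the extraction condition (events at a later stage than the matched one) are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    name: str
    condition: str  # id of the collating condition that stands for this event
    stage: int      # position of the event inside its attack procedure

# Collating conditions (constructed): id -> predicate over an anomaly record.
COLLATING_CONDITIONS = {
    "new_host_on_control_net": lambda a: a.get("type") == "new_host",
    "port_scan": lambda a: a.get("type") == "scan",
    "unexpected_plc_write": lambda a: a.get("type") == "write"
        and a.get("dst_role") == "plc" and a.get("src_role") != "engineering_ws",
}

# Predefined attack procedures (constructed): name -> ordered events.
ATTACK_PROCEDURES = {
    "setpoint_tampering": [
        Event("rogue device joins control network", "new_host_on_control_net", 1),
        Event("network reconnaissance", "port_scan", 2),
        Event("unauthorised write to PLC", "unexpected_plc_write", 3),
    ],
    "recon_only": [Event("network reconnaissance", "port_scan", 1)],
}

def collate(anomaly):
    """Return (procedure, event) pairs specified by the two determinations."""
    # First determination: which collating conditions does the anomaly match?
    matched = {cid for cid, pred in COLLATING_CONDITIONS.items() if pred(anomaly)}
    # Second determination: which procedure events carry a matched condition?
    return [(proc, ev) for proc, events in ATTACK_PROCEDURES.items()
            for ev in events if ev.condition in matched]

def extract(proc, matched_event):
    """Assumed extraction condition: events at a later stage than the match."""
    return [ev for ev in ATTACK_PROCEDURES[proc] if ev.stage > matched_event.stage]

def triage(anomaly):
    """Map each specified procedure to the names of its extracted events."""
    return {proc: [e.name for e in extract(proc, ev)] for proc, ev in collate(anomaly)}

# Constructed anomaly, as a monitoring device in the control system might report it.
SAMPLE_ANOMALY = {"type": "scan", "src": "192.0.2.15"}

if __name__ == "__main__":
    for proc, upcoming in triage(SAMPLE_ANOMALY).items():
        print(proc, "->", upcoming or "no further events")
```

An anomaly that matches no collating condition yields an empty result, so the second determination is never reached for it.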
Potential Applications
This technology could be applied in cybersecurity systems to detect and respond to potential attacks in real-time.
Problems Solved
This technology helps in quickly identifying and responding to security threats by automating the process of analyzing anomalies and matching them with known attack procedures.
Benefits
- Improved cybersecurity measures
- Faster response to security threats
- Reduction in manual analysis and response time
Potential Commercial Applications
Enhancing Cybersecurity Measures with Anomaly Detection and Response Technology
Unanswered Questions
1. How does the device prioritize different anomalies detected by the monitoring device?
2. Can this technology be integrated with existing security systems or does it require a standalone implementation?
Original Abstract Submitted
An information processing device includes an anomaly receiving means for receiving an anomaly detected by a monitoring device installed in a control system, a collating means for receiving the anomaly from the anomaly receiving means, making a first determination to determine whether the anomaly matches each of predetermined collating conditions for collating an event contained in an attack procedure and the anomaly, and when the first determination results in a match, making a further second determination to determine whether an event contained in each of predefined attack procedures matches the collating condition determined to match the anomaly, and when the second determination results in a match, specifying an attack procedure containing the event, and an extracting means for extracting an event matching a predetermined extraction condition from the specified attack procedure.