Microsoft technology licensing, llc (20240129323). MULTITENANT SHARING ANOMALY CYBERATTACK CAMPAIGN DETECTION simplified abstract

From WikiPatents
Revision as of 04:13, 26 April 2024 by Wikipatents (talk | contribs) (Creating a new page)

MULTITENANT SHARING ANOMALY CYBERATTACK CAMPAIGN DETECTION

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Yaakov Garyani of Raanana (IL)

Moshe Israel of Ramat Gan (IL)

Hani Hana Neuvirth of Tel Aviv (IL)

Ely Abramovitch of Tel Aviv (IL)

Amir Keren of Redmond WA (US)

Timothy William Burrell of Cheltenham (GB)

MULTITENANT SHARING ANOMALY CYBERATTACK CAMPAIGN DETECTION - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240129323 titled 'MULTITENANT SHARING ANOMALY CYBERATTACK CAMPAIGN DETECTION'.

Simplified Explanation

Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using digital entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.

  • Detect cyberattack campaigns against multiple cloud tenants
  • Analyze activity data to find sharing anomalies
  • Utilize hypergeometric probabilities for anomaly analysis
  • Thwart detection avoidance attempts using digital entity randomization
  • Respect tenant confidentiality and privacy
  • Perform mitigation in response to attack indication
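
The abstract names hypergeometric probabilities as one way to measure how unusual it is for tenants to share an activity. The sketch below is an added example, not code from the patent application or from Microsoft: it scores the entity overlap of each tenant pair inside a time frame and drops authorized-vendor entities before scoring. The pairwise test, the `population` size, the `alpha` threshold, and all tenant and entity names are assumptions made for illustration.

```python
from itertools import combinations
from math import comb

def hypergeom_tail(N, K, n, k):
    """P(X >= k): overlap of a K-set and an n-set drawn from N entities."""
    hits = sum(comb(K, i) * comb(N - K, n - i) for i in range(k, min(K, n) + 1))
    return hits / comb(N, n)

def sharing_anomalies(events, window, population, allowlist=frozenset(), alpha=1e-3):
    """events: (tenant, entity, ts). Returns [(tenant_a, tenant_b, shared, p)]."""
    start, end = window
    seen = {}
    for tenant, entity, ts in events:
        # Time frame and authorized-vendor filtering happen before scoring.
        if start <= ts < end and entity not in allowlist:
            seen.setdefault(tenant, set()).add(entity)
    flagged = []
    for a, b in combinations(sorted(seen), 2):
        shared = seen[a] & seen[b]
        if shared:
            p = hypergeom_tail(population, len(seen[a]), len(seen[b]), len(shared))
            if p < alpha:
                flagged.append((a, b, sorted(shared), p))
    return flagged

# Constructed sample data: four tenants, 20 private entities each.
TENANTS = ["tenant-a", "tenant-b", "tenant-c", "tenant-d"]
EVENTS = [(t, f"{t}-ent{i}", 100 + i) for t in TENANTS for i in range(20)]
VENDOR = frozenset({"vendor-1", "vendor-2", "vendor-3"})   # seen by every tenant
EVENTS += [(t, v, 200) for t in TENANTS for v in VENDOR]
CAMPAIGN = ["camp-1", "camp-2", "camp-3"]                  # seen by two tenants
EVENTS += [(t, c, 300) for t in ("tenant-a", "tenant-c") for c in CAMPAIGN]
EVENTS += [("tenant-b", c, 999_999) for c in CAMPAIGN]     # outside the window
POPULATION = 100_000   # assumed count of entities a tenant could plausibly touch

if __name__ == "__main__":
    for a, b, shared, p in sharing_anomalies(EVENTS, (0, 3600), POPULATION, VENDOR):
        print(f"{a} <-> {b}: {shared} p={p:.2e}")
```

Without the vendor allowlist every tenant pair in this sample is flagged, which is the false-positive case that recognizing authorized vendors removes.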

Potential Applications

The technology can be applied in cloud security systems to detect and prevent cyberattack campaigns targeting multiple tenants.

Problems Solved

This technology helps in identifying sharing anomalies in cloud activities that may indicate cyberattacks, enhancing overall security measures for cloud tenants.

Benefits

  • Improved detection of cyberattack campaigns
  • Enhanced security for multiple cloud tenants
  • Efficient mitigation strategies in response to attack indications

Potential Commercial Applications

The technology can be utilized by cloud service providers, cybersecurity firms, and organizations with cloud-based infrastructure to enhance their security measures against cyber threats.

Possible Prior Art

Prior art in the field of cloud security systems and anomaly detection algorithms may exist, but specific examples are not provided in this abstract.

Unanswered Questions

How does the technology differentiate between benign sharing anomalies and actual cyberattack campaigns?

The technology likely uses advanced algorithms and statistical measures to distinguish between normal sharing patterns and suspicious activities that could indicate a cyberattack.

What legal mechanisms are in place to ensure tenant confidentiality and privacy while analyzing data for sharing anomalies?

The abstract mentions that tenant confidentiality and privacy are respected through technical and legal mechanisms, but the specifics of these legal measures are not elaborated upon.


Original Abstract Submitted

Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using digital entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.