CORRELATING NETWORK EVENT ANOMALIES USING ACTIVE AND PASSIVE EXTERNAL RECONNAISSANCE TO IDENTIFY ATTACK INFORMATION

Abstract: a system and method for correlating network event anomalies to identify attack information, that identifies anomalous events within the network, identifies correlations between anomalies and other network events and resources, generates a behavior graph describing an attack pathway derived from the correlations, and determines an attack point of origin using the behavior graph.

Inventor(s): Jason Crabtree, Andrew Sellers, Richard Kelley

CPC Classification: H04L63/20 ({for managing network security; network security policies in general (filtering policies )})

Search for rejections for patent application number 20250168201