‌

US Patent 11888881 Context informed abnormal endpoint behavior detection

Patent 11888881 was granted and assigned to Palo Alto Networks on January, 2024 by the United States Patent and Trademark Office.

Overview Structured Data Issues Contributors

Is a

0

Patent attributes

Patent Applicant

Palo Alto Networks

0

Current Assignee

Palo Alto Networks

0

Patent Jurisdiction

United States Patent and Trademark Office

0

Patent Number

Patent Inventor Names

Ohad Ohayon0

Arkady Miasnikov0

Dany Cohen0

Shai Meir0

Date of Patent

January 30, 2024

0

Patent Application Number

179312530

Date Filed

September 12, 2022

0

Patent Citations

US Patent 10122818 Method and system for generating behavior profiles for device members of a network

0

US Patent 10929258 Method and system for model-based event-driven anomalous behavior detection

0

US Patent 10735551 Method and system for generating behavior profiles for device members of a network

0

US Patent 9306962 Systems and methods for classifying malicious network events

0

US Patent 9419996 Detection and prevention for malicious threats

0

US Patent 9928366 Endpoint malware detection using an event graph

0

US Patent 9967265 Detecting malicious online activities using event stream processing over a graph database

0

US Patent 10122687 Firewall techniques for colored objects on endpoints

0

Patent Primary Examiner

Badri Narayanan Champakesan

0

CPC Code

0

0

0

0

0

Patent abstract

Adaptive normal profiles are generated at a hierarchical scope corresponding to a set of endpoints and a process. Abnormal endpoint activity is detected by verifying whether event data tracking activity on the set of endpoints conforms to the adaptive normal profiles. False positives are reduced by verifying alarms correspond to normal endpoint activity. Abnormal event data is forwarded to a causality chain identifier that identifies abnormal chains of processes for the abnormal endpoint activity. A trained threat detection model receives abnormal causality chains from the causality chain identifier and indicates a likelihood of corresponding to a malicious attack that indicates abnormal endpoint behavior.

Timeline

No Timeline data yet.

Further Resources

Title

Author

Link

Type

Date

No Further Resources data yet.

References

Find more entities like US Patent 11888881 Context informed abnormal endpoint behavior detection

Use the Golden Query Tool to find similar entities by any field in the Knowledge Graph, including industry, location, and more.

Open Query Tool

Golden Query Tool