SecureWorks Corp.
SYSTEMS AND METHODS FOR IDENTIFYING ATTACK PATTERNS OR SUSPICIOUS ACTIVITY IN CLIENT NETWORKS

Abstract:

Systems and methods for identifying attack patterns or suspicious activity can include a profile builder, a primitive creator, and a compromise detector. The profile builder can populate one or more baseline activity profiles for each client of the plurality of clients or entities associated therewith. The primitive creator can create primitives by comparing identified or extracted features to information in the one or more baseline activity profiles. The compromise detector can receive primitives, and based on identified combinations or sequences of primitives, generate compromise events to be provided to clients.