Strength of associations among data records in a security information sharing platform

US11356484B2 · US · B2

Patent metadata
Publication number: US-11356484-B2
Application number: US-201616077233-A
Country: US
Kind code: B2
Filing date: Feb 12, 2016
Priority date: Feb 12, 2016
Publication date: Jun 7, 2022
Grant date: Jun 7, 2022

Abstract

Official abstract text for this publication.

Examples disclosed herein relate to strength of associations among data records in a security information sharing platform. Some examples may enable creating, in the security information sharing platform, an association between a security indicator comprising an observable, and a data record. Some examples may further enable determining strength of the association between the security indicator and the data record based on at least one of: a likelihood of change in the association; a creator of the association; an aging rate of the association; or a quality of evidence that supports the association.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for determining strengths of associations among data records in a security information sharing platform, the method comprising: creating, by the security information sharing platform that enables sharing of security information among a plurality of users, a first association between a first security indicator comprising an observable, and a first data record, the first association representing a relationship between the observable and the first data record; determining, by the security information sharing platform, a strength of the first association between the first security indicator and the first data record based on a plurality of parameters, the plurality of parameters comprising: a parameter indicating a likelihood of change in the first association; a parameter indicating an aging rate of the first association; and a parameter indicating a quality of evidence that supports the first association; and providing, by the security information sharing platform, a user interface comprising a visual representation of the created first association, the visual representation comprising an indication of the determined strength of the first association between the first security indicator and the first data record.

2. The method of claim 1, wherein the first data record represents at least one of: an organization, an industry sector, a geography, a community of the security information sharing platform, a domain name, or a threat actor.

3. The method of claim 1, further comprising: determining, by the security information sharing platform, an indicator score for the first security indicator based on the strength of the first association.

4. The method of claim 1, further comprising: determining, by the security information sharing platform, a first hash value for the first data record and a second hash value for a second data record; in response to determining that the first hash value and the second hash value are identical, creating, by the security information sharing platform, a second association between the first data record and the second data record; and determining, by the security information sharing platform, the quality of evidence that supports the second association based on the evidence that the first hash value and the second hash value are identical.

5. The method of claim 4, further comprising: determining, by the security information sharing platform, an indicator score for the first security indicator based on the strength of the second association.

6. The method of claim 1, wherein the aging rate indicates a rate of reduction in the strength of the first association over a time period, the method further comprising: applying, by the security information sharing platform, the aging rate to the strength of the first association if the time period has passed since the creation of the first association.

7. The method of claim 1, further comprising: obtaining, by the security information sharing platform, from a first source entity associated with the first data record, a first sighting of the observable, the first sighting of the observable indicating that the observable has been observed by the first source entity; obtaining, by the security information sharing platform, from a second source entity associated with the first data record, a second sighting of the observable, the second sighting of the observable indicating that the observable has been observed by the second source entity; determining, by the security information sharing platform, a number of sightings of the observable, the sightings of the observable including the first and second sightings of the observable; and creating, by the security information sharing platform, in the security information sharing platform, the first association based on the number of sightings of the observable.

8. A non-transitory machine-readable storage medium comprising instructions executable by a processor of a computing device for determining strength of associations among data records in a security information sharing platform, the non-transitory machine-readable storage medium comprising: instructions to determine, by the security information sharing platform, that a first observable is associated with a second observable, a threat actor, a malware, a chain of attack, an organization, an industry sector, a community of the security information sharing platform, a domain name, and any combination thereof; instructions to identify, by the security information sharing platform, a first data record that corresponds to the second observable, the threat actor, the malware, the chain of attack, the organization, the industry sector, the community, the domain name, and any combination thereof; instructions to create, by the security information sharing platform, a first association between a first security indicator comprising the first observable and the first data record, the first association representing a relationship between the first observable and the first data record; instructions to determine, by the security information sharing platform, a strength of the first association based on a plurality of parameters, the plurality of parameters comprising: a parameter indicating a likelihood of change in the first association over time; a parameter indicating an aging rate of the first association; and a parameter indicating a quality of evidence that supports the first association; and instructions to provide, by the security information sharing platform, a user interface comprising a visual representation of the created first association, the visual representation comprising an indication of the determined strength of the first association between the first security indicator and the first data record.

9. The non-transitory machine-readable storage medium of claim 8, further comprising: instructions to create, by the security information sharing platform, a second association between a second data record and a third data record; instructions to determine, by the security information sharing platform, strength of the second association based on a plurality of parameters, the plurality of parameters comprising: a parameter indicating a likelihood of change in the second association over time; a parameter indicating an aging rate of the second association; and a parameter indicating a quality of evidence that supports the second association; instructions to determine, by the security information sharing platform, based on the parameter indicating the likelihood of change for the first association and the parameter indicating a likelihood of change for the second association, that the first association is less likely to change over time than the second association; and instructions to increase, by the security information sharing platform, the strength of the first association by a higher percentage than the strength of the second association.

10. The non-transitory machine-readable storage medium of claim 8, further comprising: instructions to determine, by the security information sharing platform, an indicator score for the first security indicator based on the strength of the first association.

11. The non-transitory machine-readable storage medium of claim 8, further comprising: instructions to obtain, by the security information sharing platform, a search query that specifies the first security indicator; and in response to the search query, instructions to provide, by the security information sharing platform, a set of data records associated with the first security indicator, the set of data records including the first data record.

12. The no

Assignees

Inventors

Classifications

  • G06F21/57 (Primary)

    Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

  • Grouping of entities · CPC title

  • the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • Clustering or classification · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11356484B2 cover?
Examples disclosed herein relate to strength of associations among data records in a security information sharing platform. Some examples may enable creating, in the security information sharing platform, an association between a security indicator comprising an observable, and a data record. Some examples may further enable determining strength of the association between the security indicator…

Who is the assignee on this patent?
Entit Software Llc, Micro Focus Llc

What technology area does this patent fall under?
Primary CPC classification G06F21/57. Mapped technology areas include Physics.

When was this patent published?
Publication date Jun 7, 2022 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).