Controlling malicious activity detection using behavioral models

US9536087B2 · US · B2

Patent metadata
Field                 Value
Publication number    US-9536087-B2
Application number    US-201514815990-A
Country               US
Kind code             B2
Filing date           Aug 1, 2015
Priority date         Mar 20, 2009
Publication date      Jan 3, 2017
Grant date            Jan 3, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.

First claim

Opening claim text (preview).

What is claimed is:

1. A system to control malicious activity detection, comprising: one or more processors; memory coupled to at least one of the one or more processors; an interface module, implemented using at least one of the one or more processors, configured to display a first graphical interface element at a presentation device that enables a user to select a behavioral model to be associated with an information technology asset, the interface module further configured to display a second graphical interface element that enables the user to select a detection sensitivity to be associated with the information technology asset; and an indicator distribution module, implemented using at least one of the one or more processors, configured to cause distribution of a behavioral model indicator indicating the selected behavioral model to a plurality of protection services deployed on one or more processing modules to cause the plurality of protection services to utilize a plurality of respective protection rule configurations corresponding to the selected behavioral model to generate respective malicious activity assessments with respect to the information technology asset, the indicator distribution module further configured to cause distribution of a detection sensitivity indicator indicating the selected detection sensitivity to the plurality of protection services to cause the plurality of protection services to utilize the plurality of respective protection rule configurations that further correspond to the selected detection sensitivity to generate the respective malicious activity assessments with respect to the information technology asset.

2. The system of claim 1, wherein the first graphical interface element is configured to enable a user to select a behavioral model to be associated with a computer; wherein the interface module is configured to display the second graphical interface element that enables the user to select a detection sensitivity to be associated with the computer; and wherein the indicator distribution module is configured to cause distribution of the behavioral model indicator and the detection sensitivity indicator to the plurality of protection services to cause the plurality of protection services to utilize the plurality of respective protection rule configurations that correspond to the selected behavioral model and the selected detection sensitivity to generate the respective malicious activity assessments with respect to the computer.

3. The system of claim 1, wherein the first graphical interface element is configured to enable a user to select a behavioral model to be associated with a user account; wherein the interface module is configured to display the second graphical interface element that enables the user to select a detection sensitivity to be associated with the user account; and wherein the indicator distribution module is configured to cause distribution of the behavioral model indicator and the detection sensitivity indicator to the plurality of protection services to cause the plurality of protection services to utilize the plurality of respective protection rule configurations that correspond to the selected behavioral model and the selected detection sensitivity to generate the respective malicious activity assessments with respect to the user account.

4. The system of claim 1, wherein the first graphical interface element is configured to enable a user to select a behavioral model to be associated with a service; wherein the interface module is configured to display the second graphical interface element that enables the user to select a detection sensitivity to be associated with the service; and wherein the indicator distribution module is configured to cause distribution of the behavioral model indicator and the detection sensitivity indicator to the plurality of protection services to cause the plurality of protection services to utilize the plurality of respective protection rule configurations that correspond to the selected behavioral model and the selected detection sensitivity to generate the respective malicious activity assessments with respect to the service.

5. The system of claim 1, wherein the first graphical interface element is configured to enable a user to select a behavioral model to be associated with an application; wherein the interface module is configured to display the second graphical interface element that enables the user to select a detection sensitivity to be associated with the application; and wherein the indicator distribution module is configured to cause distribution of the behavioral model indicator and the detection sensitivity indicator to the plurality of protection services to cause the plurality of protection services to utilize the plurality of respective protection rule configurations that correspond to the selected behavioral model and the selected detection sensitivity to generate the respective malicious activity assessments with respect to the application.

6. The system of claim 1, wherein the first graphical interface element is configured to enable a user to select a behavioral model to be associated with an enterprise network; wherein the interface module is configured to display the second graphical interface element that enables the user to select a detection sensitivity to be associated with the enterprise network; and wherein the indicator distribution module is configured to cause distribution of the behavioral model indicator and the detection sensitivity indicator to the plurality of protection services to cause the plurality of protection services to utilize the plurality of respective protection rule configurations that correspond to the selected behavioral model and the selected detection sensitivity to generate the respective malicious activity assessments with respect to the enterprise network.

7. The system of claim 1, wherein the first graphical interface element is configured to enable a user to select a plurality of behavioral models to be associated with the information technology asset; and wherein the behavioral model indicator indicates the selected plurality of behavioral models to the plurality of protection services to cause the plurality of protection services to utilize respective protection rule configurations corresponding to a combination of the selected behavioral models to generate the respective malicious activity assessments with respect to the information technology asset.

8. The system of claim 1, wherein the interface module is further configured to display a third graphical interface element that enables the user to disable one or more protection technology sets, each protection technology set including at least two respective protection rules of the plurality of protection rule configurations; and wherein the indicator distribution module is further configured to cause distribution of a disablement indicator indicating the disabled one or more protection technology sets to the plurality of protection services to cause the plurality of protection services to not include the disabled one or more protection sets to generate the respective malicious activity assessments with respect to the information technology asset.

9. The system of claim 1, wherein the interface module is further configured to display a third graphical interface element that enables the user to disable the plurality of protection rule configurations independently; and wherein the indicator distribution module is further configured to cause distribution of a disablement indicator indicating disabled protection rules to the plurality of protection services to cause the plurality of protection services to not incl

Assignees

Microsoft Technology Licensing LLC

Inventors

Classifications

  • for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

  • Rule management · CPC title

  • G06F21/56 (primary)

    Computer malware detection or handling, e.g. anti-virus arrangements · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9536087B2 cover?
Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with…
Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/56. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 3, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).