Abstract: Systems and methods for detecting and responding to security threats using application execution and connection lineage tracing in accordance with embodiments of the invention are disclosed.
Abstract: Systems and methods for detecting injection exploits in a networked computing environment are disclosed. In one embodiment, a method for detection includes monitoring web applications that are executing and detecting when an execution function is received over a network and invoked, where an execution function is a function that accepts external free-form data values, detecting malicious code by generating a model of legitimate behavior subsequent to invocation of the execution function, comparing actual behavior to the model of legitimate behavior, and generating an alert when the actual behavior deviates from the model of legitimate behavior and validating whether the deviation of the actual behavior is due to one or more functions that accept external input.
Abstract: Systems and methods for detecting security threats using application execution and connection lineage tracing in accordance with embodiments of the invention are disclosed. In one embodiment, detecting suspicious activity in a network includes receiving at a collector server a first activity data including a first set of attributes, combining a first set of context information with the first activity data to generate a first activity record, comparing the first activity record to a set of baseline signatures, incrementing a count of a first matching baseline signature when the first activity record has the same values for all attributes, receiving a second activity data including a third set of attributes, combining a second set of context information with the second activity data to generate a second activity record, and generating an alert when the attributes of the second activity record differ from all baseline signatures.