Abstract: A computer-implemented method for detecting security events may include (1) identifying facets of candidate security events detected by a network security system, (2) assigning each of the facets of the candidate security events to one of multiple groups of facets to create permutations of the facets, (3) comparing, for each group of facets, the candidate security events according to a similarity algorithm that indicates similarity between the candidate security events, (4) generating, for each group of facets, a weak classifier for detecting security events based on a nearest neighbor graph, and (5) performing, by the network security system, a remedial action in response to classifying a candidate security event as a security threat by applying a combination of the weak classifiers for the groups of facets to the candidate security event. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: Applications, such as cloud services, may be deployed within a network environment (e.g., a cloud computing environment). Unfortunately, when the applications are instantiated within the network environment, they have the ability to compromise the security of other applications and/or the infrastructure of the network environment. Accordingly, as provided herein, a security scheme may be applied to a network environment within which an application is to be instantiated. The security scheme may comprise one or more security layers (e.g., virtual machine level security, application level security, operating system level security, etc.) derived from an application service model describing the application and/or resources allocated to the application.
March 31, 2009
Date of Patent:
December 31, 2013
Saad Syed, Chetan Shankar, Jose M. Bernabeu-Auban, Sushant P. Rewaskar, Muhammad Umer Azad