US 11,886,600 B2
Testing instrumentation for intrusion remediation actions
Kevin Lo, Redmond, WA (US); Daiqian Hu, Shanghai (CN); Hongquan Yin, Suzhou (CN); and Lei He, Suzhou (CN)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Oct. 18, 2021, as Appl. No. 17/503,653.
Application 17/503,653 is a division of application No. 16/037,380, filed on Jul. 17, 2018, granted, now 11,182,487.
Prior Publication US 2022/0108025 A1, Apr. 7, 2022
Int. Cl. H04L 29/06 (2006.01); G06F 21/57 (2013.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 21/554 (2013.01); G06F 21/566 (2013.01); G06F 21/568 (2013.01)]
19 Claims
 
1. A computing system comprising:
a malicious activity detection system configured to detect malicious activity representing an unauthorized user access in an execution environment;
a remediation action execution system configured to execute an intrusion remediation action in the execution environment in response to detection of the malicious activity; and
a remediation validation system configured to:
automatically generate, based on a scheduling criterion, an isolated computing environment that
includes at least one machine selected from a plurality of machines in the execution environment based on a selection criterion, and
is isolated from the execution environment in which the malicious activity detection system is configured to detect the malicious activity,
set a test condition in the isolated computing environment, the test condition representing the malicious activity,
execute the intrusion remediation action in the isolated computing environment,
generate an efficacy indicator that indicates a remediation action efficacy based on execution of the intrusion remediation action in the isolated computing environment, and
generate an indication of a remediation action validation based on the efficacy indicator.