- Patent Title: Network security anomaly and threat detection using rarity scoring
-
Application No.: US16016472Application Date: 2018-06-22
-
Publication No.: US11470096B2Publication Date: 2022-10-11
- Inventor: Sudhakar Muddu , Christos Tryfonas , Yijiang Li
- Applicant: Splunk Inc.
- Applicant Address: US CA San Francisco
- Assignee: Splunk Inc.
- Current Assignee: Splunk Inc.
- Current Assignee Address: US CA San Francisco
- Agency: Perkins Coie LLP
- Main IPC: H04L9/40
- IPC: H04L9/40 ; G06N20/00 ; G06F16/25 ; G06F16/28 ; G06F16/44 ; G06F16/901 ; G06F16/2457 ; H04L43/00 ; G06F40/134 ; G06N20/20 ; G06V10/22 ; G06N7/00 ; G06F3/0482 ; G06F3/0484 ; G06F3/04847 ; H04L41/0893 ; H04L43/062 ; H04L43/045 ; H04L43/08 ; G06F3/04842 ; G06N5/04 ; H04L41/14 ; H04L41/22 ; G06N5/02

Abstract:
A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
Public/Granted literature
- US20180302423A1 NETWORK SECURITY ANOMALY AND THREAT DETECTION USING RARITY SCORING Public/Granted day:2018-10-18
Information query