公开(公告)号：US20200304535A1

公开(公告)日：2020-09-24

申请号：US16814689

申请日：2020-03-10

Applicant: Booz Allen Hamilton Inc.

Inventor： Aaron SANT-MILLER ,  Andre Tai NGUYEN ,  William Hall BADART ,  Sarah OLSON ,  Jesse SHANAHAN

IPC: H04L29/06 ,  G06N20/00

Abstract: A method for detecting and/or identifying a cyber-attack on a network can include segmenting the network using a segmentation method with machine learning to generate one or more network segments; assigning a score to a data point within each network segment based on a presence or absence of an identified anomalous behavior of the data point; analyzing network data flow, via behavioral modeling, to provide a context for characterizing the anomalous behavior; combining, via a reinforcement learning agent, outputs of the segmentation method with behavioral modelling and assigned score to detect and/or identify a cyber-attack; providing one or more alerts to an analyst; receiving an analyst assessment of an effectiveness of the detection and/or identification; and providing the analyst assessment as feedback to the reinforcement learning agent.

公开(公告)号：US20180034842A1

公开(公告)日：2018-02-01

申请号：US15219713

申请日：2016-07-26

Applicant: Booz Allen Hamilton Inc.

Inventor： Eric SMYTH ,  Aaron SANT-MILLER ,  Kevin FIELD

IPC: H04L29/06 ,  G06N99/00 ,  G06N7/00

CPC classification number: H04L63/1433 ,  G06F21/552 ,  G06F21/577 ,  G06N7/005 ,  G06N99/005

Abstract: A predictive engine for analyzing existing vulnerability information to determine the likelihood of a vulnerability being exploited by malicious actors against a particular computer or network of computers. The predictive engine relies on multiple data sources providing historical vulnerability information, a plurality of predictive models, and periodic retraining of the prediction ensemble utilizing predictive models. Modeling schemes may also be used when retraining the predictive models forming the prediction ensemble.