公开(公告)号：US10264009B2

公开(公告)日：2019-04-16

申请号：US15219713

申请日：2016-07-26

Applicant: Booz Allen Hamilton Inc.

Inventor： Eric Smyth ,  Aaron Sant-Miller ,  Kevin Field

IPC: H04L29/06 ,  G06N20/00 ,  G06N7/00 ,  G06N99/00 ,  G06F21/57 ,  G06F21/55

Abstract: A predictive engine for analyzing existing vulnerability information to determine the likelihood of a vulnerability being exploited by malicious actors against a particular computer or network of computers. The predictive engine relies on multiple data sources providing historical vulnerability information, a plurality of predictive models, and periodic retraining of the prediction ensemble utilizing predictive models. Modeling schemes may also be used when retraining the predictive models forming the prediction ensemble.

公开(公告)号：US10931706B2

公开(公告)日：2021-02-23

申请号：US16814689

申请日：2020-03-10

Applicant: Booz Allen Hamilton Inc.

Inventor： Aaron Sant-Miller ,  Andre Tai Nguyen ,  William Hall Badart ,  Sarah Olson ,  Jesse Shanahan

IPC: H04L29/06 ,  G06N20/00

Abstract: A method for detecting and/or identifying a cyber-attack on a network can include segmenting the network using a segmentation method with machine learning to generate one or more network segments; assigning a score to a data point within each network segment based on a presence or absence of an identified anomalous behavior of the data point; analyzing network data flow, via behavioral modeling, to provide a context for characterizing the anomalous behavior; combining, via a reinforcement learning agent, outputs of the segmentation method with behavioral modelling and assigned score to detect and/or identify a cyber-attack; providing one or more alerts to an analyst; receiving an analyst assessment of an effectiveness of the detection and/or identification; and providing the analyst assessment as feedback to the reinforcement learning agent.

公开(公告)号：US10805343B2

公开(公告)日：2020-10-13

申请号：US16167095

申请日：2018-10-22

Applicant: Booz Allen Hamilton Inc.

Inventor： Aaron Sant-Miller ,  Greg McCullough ,  James Blaha ,  Morris LaGrand ,  Rachel Allen ,  Peter Guerra ,  Patrick Beggs

IPC: H04L29/06 ,  G06N5/02 ,  G06N20/00

Abstract: A method for securing a network by applying one or more artificial intelligence (AI) models in a computing environment with a computing speed selected as a function of a bandwidth of the network. The method includes receiving data at a node associated with the network, and identifying a suspected cyber adversarial event at the network. The method includes applying an AI model on the data in real-time to enrich the data with information that indicates behavior associated with an exploitation of the network, and analyzing the enriched data as part of a cyber workflow for an indication of a compromise associated with the exploitation of the network.

公开(公告)号：US20200128025A1

公开(公告)日：2020-04-23

申请号：US16167095

申请日：2018-10-22

Applicant: Booz Allen Hamilton Inc.

Inventor： Aaron Sant-Miller ,  Greg McCullough ,  James Blaha ,  Morris LaGrand ,  Rachel Allen ,  Peter Guerra ,  Patrick Beggs

IPC: H04L29/06 ,  G06N5/02

Abstract: A method for securing a network by applying one or more artificial intelligence (AI) models in a computing environment with a computing speed selected as a function of a bandwidth of the network. The method includes receiving data at a node associated with the network, and identifying a suspected cyber adversarial event at the network. The method includes applying an AI model on the data in real-time to enrich the data with information that indicates behavior associated with an exploitation of the network, and analyzing the enriched data as part of a cyber workflow for an indication of a compromise associated with the exploitation of the network.