公开(公告)号：US11777945B1

公开(公告)日：2023-10-03

申请号：US17586086

申请日：2022-01-27

Applicant: SPLUNK Inc.

Inventor： George Apostolopoulos ,  Ignacio Nicolas Bermudez Corrales

IPC: G06N20/00 ,  G06N7/00 ,  H04L9/40 ,  G06F16/28

CPC classification number: H04L63/102 ,  G06F16/288 ,  G06N7/00 ,  G06N20/00 ,  H04L63/1425

Abstract: Embodiments of the present invention are directed to facilitating detection of suspicious access to resources. In accordance with aspects of the present disclosure, an access graph is generated. The access graph contains access data that includes observed accesses between entities and resources. Access scores can be determined for entity-resource pairs in the access graph by applying a set of access rules to the entity-resource pairs in the access graph. The access scores indicate an extent of relatedness between the corresponding entity and resource. Thereafter, the access scores can be used to train a probabilistic prediction model that predicts suspiciousness of accesses between entities and resources.

公开(公告)号：US11271939B2

公开(公告)日：2022-03-08

申请号：US16051236

申请日：2018-07-31

Applicant: SPLUNK INC.

Inventor： George Apostolopoulos ,  Ignacio Nicolas Bermudez Corrales

IPC: G06N20/00 ,  G06N7/00 ,  H04L29/06 ,  G06F16/28

Abstract: Embodiments of the present invention are directed to facilitating detection of suspicious access to resources. In accordance with aspects of the present disclosure, an access graph is generated. The access graph contains access data that includes observed accesses between entities and resources. Access scores can be determined for entity-resource pairs in the access graph by applying a set of access rules to the entity-resource pairs in the access graph. The access scores indicate an extent of relatedness between the corresponding entity and resource. Thereafter, the access scores can be used to train a probabilistic prediction model that predicts suspiciousness of accesses between entities and resources.

公开(公告)号：US20200045049A1

公开(公告)日：2020-02-06

申请号：US16051236

申请日：2018-07-31

Applicant: SPLUNK INC.

Inventor： George Apostolopoulos ,  Ignacio Nicolas Bermudez Corrales

IPC: H04L29/06 ,  G06N7/00 ,  G06F17/30 ,  G06F15/18

Abstract: Embodiments of the present invention are directed to facilitating detection of suspicious access to resources. In accordance with aspects of the present disclosure, an access graph is generated. The access graph contains access data that includes observed accesses between entities and resources. Access scores can be determined for entity-resource pairs in the access graph by applying a set of access rules to the entity-resource pairs in the access graph. The access scores indicate an extent of relatedness between the corresponding entity and resource. Thereafter, the access scores can be used to train a probabilistic prediction model that predicts suspiciousness of accesses between entities and resources.