公开(公告)号：US20230229812A1

公开(公告)日：2023-07-20

申请号：US17577978

申请日：2022-01-18

Applicant: International Business Machines Corporation

Inventor： Abdulhamid Adebowale Adebayo ,  Anca Sailer ,  Muhammed Fatih Bulut ,  Daby Mousse Sow

IPC: G06F21/64 ,  G06N20/00

CPC classification number: G06F21/64 ,  G06N20/00

Abstract: One or more systems, devices, computer program products and/or computer-implemented methods of use provided herein relate to compliance mapping, and more particularly to aggregated mapping of one or more sets of context-based compliance data with standard compliance data, such as from a target domain and one or more associate domains. A system can comprise a memory that stores computer executable components, and a processor that executes the computer executable components stored in the memory, wherein the computer executable components can comprise a mapping component that can map a compliance control for a target domain based on a model trained by an active learning process that incorporates a plurality of contexts representing relationships between entities and associate domain specific dependencies.

公开(公告)号：US20230177169A1

公开(公告)日：2023-06-08

申请号：US17643205

申请日：2021-12-08

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Muhammed Fatih Bulut ,  Abdulhamid Adebowale Adebayo ,  Lilian Mathias Ngweta ,  Ting Dai ,  Constantin Mircea Adam ,  Daby Mousse Sow ,  Steven Ocepek

IPC: G06F21/57 ,  G06F21/56 ,  G06N5/04

CPC classification number: G06F21/577 ,  G06F21/566 ,  G06N5/04 ,  G06F2221/034

Abstract: An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.

公开(公告)号：US20220382583A1

公开(公告)日：2022-12-01

申请号：US17330583

申请日：2021-05-26

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： BRAULIO GABRIEL DUMBA ,  Jun Duan ,  Nerla Jean-Louis ,  Muhammed Fatih Bulut ,  Sai ZENG

IPC: G06F9/48 ,  G06F9/50

Abstract: A method for scheduling services in a computing environment includes receiving a service scheduling request corresponding to the computing environment and identifying a resource pool and a set of compliance requirements corresponding to the computing environment. The method continues by identifying target resources within the resource pool, wherein target resources are resources which meet the set of compliance requirements, and subsequently identifying a set of available target resources, wherein available target resources are target resources with scheduling availability. The method further includes analyzing the set of available target resources to determine a risk score for each available target resource and selecting one or more of the set of available target resources according to the determined risk scores. The method continues by scheduling a service corresponding to the service scheduling request on the selected one or more available target resources.

公开(公告)号：US20220129560A1

公开(公告)日：2022-04-28

申请号：US17078563

申请日：2020-10-23

Applicant: International Business Machines Corporation

Inventor： Muhammed Fatih Bulut ,  Milton H. Hernandez ,  Robert Filepp ,  Sai Zeng ,  Steven Ocepek ,  Srinivas Babu Tummalapenta ,  Daniel S. Riley

IPC: G06F21/57 ,  G06N20/00

Abstract: Systems and techniques that facilitate automated health-check risk assessment of computing assets are provided. In various embodiments, a system can comprise a baseline component that can generate a baseline health-check risk score that corresponds to non-compliance of a computing asset with a stipulated control. In various aspects, the system can further comprise an adjustment component that can adjust the baseline health-check risk score based on a weakness factor of the stipulated control. In some cases, the weakness factor can be based on a magnitude by which a state of the computing asset deviates from the stipulated control. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on an environmental factor of the computing asset. In various cases, the environmental factor can be based on security mechanisms or security protocols associated with the computing asset. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on a criticality factor. In some instances, the critical factor can be based on a level of importance of the computing asset. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on a maturity factor. In some aspects, the maturity factor can be based on a difference between the stipulated control and a recommended control.

公开(公告)号：US11188447B2

公开(公告)日：2021-11-30

申请号：US16294516

申请日：2019-03-06

Applicant: International Business Machines Corporation

Inventor： Anup Kalia ,  Muhammed Fatih Bulut ,  Jinho Hwang ,  Raghav Batta ,  Maja Vukovic ,  Jin Xiao ,  Rohit Madhukar Khandekar

IPC: G06F11/36 ,  G06F8/10 ,  G06K9/62 ,  G06F40/211

Abstract: Systems, computer-implemented methods, and computer program products that can facilitate creating and querying a knowledge base of identified topics, computer code actions, and parameters, are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a parameter component that can identify a result parameter in ones of one or more results, wherein the one or more results comprise topics and computer code actions. The computer executable components can further comprise a result component that can select a result of the one or more results based on a mapping of a query to the one or more results, the mapping being based on the result parameter identified in the result and a criterion.

公开(公告)号：US20210304063A1

公开(公告)日：2021-09-30

申请号：US16834463

申请日：2020-03-30

Applicant: International Business Machines Corporation

Inventor： Muhammed Fatih Bulut ,  Jinho Hwang ,  Ali Kanso ,  Shripad Nadgowda

IPC: G06N20/00 ,  G06N5/04 ,  G06K9/62 ,  G06F9/22

Abstract: Embodiments relate to a computer system, computer program product, and computer-implemented method to train a machine learning (ML) model using artificial intelligence to learn an association between (regulatory) compliance requirements and features of micro-service training datasets. The trained ML model is leveraged to determine the compliance requirements of a micro-service requiring classification. In an exemplary embodiment, once the micro-service has been classified with respect to applicable compliance requirements, the classified micro-service may be used as an additional micro-service training dataset to further train the ML model and thereby improve its performance.

公开(公告)号：US11093619B2

公开(公告)日：2021-08-17

申请号：US16172776

申请日：2018-10-27

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Constantin Adam ,  Muhammed Fatih Bulut ,  Milton Hernandez ,  Anup Kalia ,  John Rofrano ,  Maja Vukovic

IPC: G06F11/00 ,  G06F21/57 ,  H04L29/06 ,  G06F11/36 ,  G06F21/62

Abstract: A compliance of a system is managed. Internal parameters of the system are received. One or more compliance control documents that relate to the system are identified. Each compliance control document is decomposed into one or more auditable units. Auditable units that are relevant to the system, are identified. Relevant auditable units are mapped to a corresponding available executable code. Each mapped executable code is executed. A risk associated with each relevant auditable unit that is deemed to be not compliant is identified. For each compliance control document, a compliance risk is calculated based on the identified risk. A report of compliance risk for each document is created to be displayed on a user interface of a computing device.

公开(公告)号：US20200293970A1

公开(公告)日：2020-09-17

申请号：US16299421

申请日：2019-03-12

Applicant: International Business Machines Corporation

Inventor： Jinho Hwang ,  Constantin M. Adam ,  Muhammed Fatih Bulut ,  Milton H. Hernandez

IPC: G06Q10/06 ,  G06N20/00 ,  G06K9/62

Abstract: Embodiments relate to an intelligent computer platform to utilize machine learning techniques to minimize compliance risk. Data, collected from a plurality of sources is subject to analysis and correlation to assess impact across data points. The assessment measures impact between at least two different compliance domains, facilitates understanding of cross-impact between compliance domains, and provides an estimation of compliance risk. A recommendation plan for one or more new compliance activities is created and dynamically subject to a machine learning reinforcement algorithm.

公开(公告)号：US20190173813A1

公开(公告)日：2019-06-06

申请号：US15832330

申请日：2017-12-05

Applicant: International Business Machines Corporation

Inventor： Constantin Mircea Adam ,  Muhammed Fatih Bulut ,  Richard Baxter Hull ,  Anup Kalia ,  Maja Vukovic ,  Jin Xiao

IPC: H04L12/58 ,  G06N5/02 ,  G06F17/27 ,  G06F17/30 ,  G06Q10/10

Abstract: Techniques facilitating maintenance of tribal knowledge for accelerated compliance control deployment are provided. In one example, a system includes a memory that stores computer executable components and a processor that executes computer executable components stored in the memory, wherein the computer executable components include a knowledge base generation component that generates a knowledge graph corresponding to respective commitments created via tribal exchanges, the knowledge graph comprising a semantic level and an operational level; a semantic graph population component that populates the semantic level of the knowledge graph based on identified parties to the respective commitments; and an operational graph population component that populates the operational level of the knowledge graph based on tracked status changes associated with the respective commitments.

公开(公告)号：US20190163463A1

公开(公告)日：2019-05-30

申请号：US15826805

申请日：2017-11-30

Applicant: International Business Machines Corporation

Inventor： Muhammed Fatih Bulut ,  Lisa M. Chavez ,  Jinho Hwang ,  Virgina Mayo ,  Sai Zeng

IPC: G06F9/445

Abstract: Techniques facilitating relational patch orchestration based on impact analysis are provided. In one example, a computer-implemented method comprises creating, by a device operatively coupled to a processor, patch execution plans for one or more pending patches associated with a computing environment; quantifying, by the device, impact of respective ones of the patch execution plans based on dependencies associated with the respective ones of the patch execution plans; and optimizing, by the device, a patch execution plan from the patch execution plans based on the impact of the respective ones of the patch execution plans.