公开(公告)号：US09838410B2

公开(公告)日：2017-12-05

申请号：US14928985

申请日：2015-10-30

Applicant: Splunk Inc.

Inventor： Sudhakar Muddu ,  Christos Tryfonas ,  Ravi Prasad Bulusu

IPC: H04L29/06 ,  G06N99/00 ,  G06F17/30 ,  G06N7/00 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/22 ,  H04L12/24 ,  G06N5/04 ,  G06K9/20 ,  H04L12/26

CPC classification number: H04L63/1416 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/2235 ,  G06F17/30061 ,  G06F17/3053 ,  G06F17/30563 ,  G06F17/30598 ,  G06F17/30958 ,  G06K9/2063 ,  G06N5/04 ,  G06N7/005 ,  G06N99/005 ,  H04L41/0893 ,  H04L41/145 ,  H04L41/22 ,  H04L43/00 ,  H04L43/045 ,  H04L43/062 ,  H04L43/08 ,  H04L63/06 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20 ,  H04L2463/121

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

公开(公告)号：US09699205B2

公开(公告)日：2017-07-04

申请号：US14841634

申请日：2015-08-31

Applicant: Splunk Inc.

Inventor： Sudhakar Muddu ,  Christos Tryfonas ,  Ravi Prasad Bulusu

IPC: G06F21/00 ,  H04L29/06 ,  G06N99/00 ,  G06F17/30 ,  G06N7/00 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/22 ,  H04L12/24 ,  G06N5/04 ,  G06K9/20 ,  H04L12/26

CPC classification number: H04L63/1416 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/2235 ,  G06F17/30061 ,  G06F17/3053 ,  G06F17/30563 ,  G06F17/30598 ,  G06F17/30958 ,  G06K9/2063 ,  G06N5/04 ,  G06N7/005 ,  G06N99/005 ,  H04L41/0893 ,  H04L41/145 ,  H04L41/22 ,  H04L43/00 ,  H04L43/045 ,  H04L43/062 ,  H04L43/08 ,  H04L63/06 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20 ,  H04L2463/121

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

公开(公告)号：US20170142140A1

公开(公告)日：2017-05-18

申请号：US15418546

申请日：2017-01-27

Applicant: Splunk Inc.

Inventor： Sudhakar Muddu ,  Christos Tryfonas ,  Ravi Prasad Bulusu

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/2235 ,  G06F17/30061 ,  G06F17/3053 ,  G06F17/30563 ,  G06F17/30598 ,  G06F17/30958 ,  G06K9/2063 ,  G06N5/04 ,  G06N7/005 ,  G06N99/005 ,  H04L41/0893 ,  H04L41/145 ,  H04L41/22 ,  H04L43/00 ,  H04L43/045 ,  H04L43/062 ,  H04L43/08 ,  H04L63/06 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20 ,  H04L2463/121 ,  H05K999/99

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

公开(公告)号：US20170063910A1

公开(公告)日：2017-03-02

申请号：US14929187

申请日：2015-10-30

Applicant: Splunk Inc.

Inventor： Sudhakar Muddu ,  Christos Tryfonas ,  Ravi Prasad Bulusu ,  Marios Iliofotou

IPC: H04L29/06 ,  G06N99/00 ,  G06F17/30

CPC classification number: H04L63/1416 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F16/24578 ,  G06F16/254 ,  G06F16/285 ,  G06F16/444 ,  G06F16/9024 ,  G06F17/2235 ,  G06K9/2063 ,  G06N5/022 ,  G06N5/04 ,  G06N7/005 ,  G06N20/00 ,  H04L41/0893 ,  H04L41/145 ,  H04L41/22 ,  H04L43/00 ,  H04L43/045 ,  H04L43/062 ,  H04L43/08 ,  H04L63/06 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20 ,  H04L2463/121 ,  H05K999/99

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract translation: 安全平台采用多种技术和机制来检测计算机网络环境中的安全相关异常和威胁。 安全平台是“大数据”驱动，并采用机器学习来执行安全分析。 安全平台执行用户/实体行为分析（UEBA）以检测与安全性相关的异常和威胁，而不管这种异常/威胁是否已知。 安全平台可以包括用于检测异常和威胁的实时路径和批处理路径/模式。 通过视觉呈现具有风险评级和支持证据的分析结果，安全平台使网络安全管理员能够响应检测到的异常或威胁，并及时采取行动。

公开(公告)号：US20170063904A1

公开(公告)日：2017-03-02

申请号：US14928985

申请日：2015-10-30

Applicant: Splunk Inc.

Inventor： Sudhakar Muddu ,  Christos Tryfonas ,  Ravi Prasad Bulusu

IPC: H04L29/06 ,  G06N5/04 ,  G06N99/00

CPC classification number: H04L63/1416 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F17/2235 ,  G06F17/30061 ,  G06F17/3053 ,  G06F17/30563 ,  G06F17/30598 ,  G06F17/30958 ,  G06K9/2063 ,  G06N5/04 ,  G06N7/005 ,  G06N99/005 ,  H04L41/0893 ,  H04L41/145 ,  H04L41/22 ,  H04L43/00 ,  H04L43/045 ,  H04L43/062 ,  H04L43/08 ,  H04L63/06 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/20 ,  H04L2463/121

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract translation: 安全平台采用多种技术和机制来检测计算机网络环境中的安全相关异常和威胁。 安全平台是“大数据”驱动，并采用机器学习来执行安全分析。 安全平台执行用户/实体行为分析（UEBA）以检测与安全性相关的异常和威胁，而不管这种异常/威胁是否已知。 安全平台可以包括用于检测异常和威胁的实时路径和批处理路径/模式。 通过视觉呈现具有风险评级和支持证据的分析结果，安全平台使网络安全管理员能够响应检测到的异常或威胁，并及时采取行动。

公开(公告)号：US11876821B1

公开(公告)日：2024-01-16

申请号：US18167040

申请日：2023-02-09

Applicant: Splunk Inc.

Inventor： Robert Winslow Pratt ,  Ravi Prasad Bulusu

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/14 ,  H04L9/40 ,  G06N20/00

CPC classification number: H04L63/1425 ,  G06N20/00 ,  H04L63/1416 ,  H04L63/1433 ,  H04L63/20 ,  H04L2463/121

Abstract: First event data, indicative of a first activity on a computer network and second event data indicative of a second activity on the computer network, is received. A first machine learning anomaly detection model is applied to the first event data, by a real-time analysis engine operated by the threat indicator detection system in real time, to detect first anomaly data. A second machine learning anomaly detection model is applied to the first anomaly data and the second event data, by a batch analysis engine operated by the threat indicator detection system in a batch mode, to detect second anomaly data. A third anomaly is detected using an anomaly detection rule. The threat indictor system processes the first anomaly data, the second anomaly data, and the third anomaly data using a threat indicator model to identify a threat indicator associated with a potential security threat to the computer network.

公开(公告)号：US11575693B1

公开(公告)日：2023-02-07

申请号：US17125130

申请日：2020-12-17

Applicant: Splunk Inc.

Inventor： Sudhakar Muddu ,  Christos Tryfonas ,  Ravi Prasad Bulusu ,  Marios Iliofotou

IPC: H04L9/40 ,  G06F3/04847 ,  G06F3/04842 ,  H04L41/0893 ,  H04L43/045 ,  H04L43/08 ,  G06N5/04 ,  H04L41/14 ,  H04L41/22 ,  G06N5/02 ,  G06N20/00 ,  G06F16/25 ,  G06F16/28 ,  G06F16/44 ,  G06F16/901 ,  G06F16/2457 ,  H04L43/00 ,  G06F40/134 ,  G06N20/20 ,  G06N7/00 ,  G06F3/0482 ,  G06F3/0484 ,  H04L43/062 ,  G06V10/22

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

公开(公告)号：US20200296124A1

公开(公告)日：2020-09-17

申请号：US16886542

申请日：2020-05-28

Applicant: Splunk Inc.

Inventor： Robert Winslow Pratt ,  Ravi Prasad Bulusu

IPC: H04L29/06 ,  G06N20/00

Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.

公开(公告)号：US10673880B1

公开(公告)日：2020-06-02

申请号：US15276647

申请日：2016-09-26

Applicant: Splunk Inc.

Inventor： Robert Winslow Pratt ,  Ravi Prasad Bulusu

IPC: G06F21/64 ,  G06F12/08 ,  H04L29/06 ,  G06N20/00

Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.

公开(公告)号：US10243970B2

公开(公告)日：2019-03-26

申请号：US14928918

申请日：2015-10-30

Applicant: Splunk Inc.

Inventor： Sudhakar Muddu ,  Christos Tryfonas ,  Ravi Prasad Bulusu

IPC: H04L29/06 ,  G06N99/00 ,  G06F17/30 ,  G06N7/00 ,  G06F3/0482 ,  G06K9/20 ,  G06F3/0484 ,  H04L12/24 ,  H04L12/26 ,  G06F17/22 ,  G06N5/04

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.