公开(公告)号：US20210058370A1

公开(公告)日：2021-02-25

申请号：US16545977

申请日：2019-08-20

Applicant: International Business Machines Corporation

Inventor： Constantin M. Adam ,  Jeffrey E. Lammers ,  Muhammed Fatih Bulut ,  Milton H. Hernandez ,  Maja Vukovic

IPC: H04L29/06 ,  G06F21/57

Abstract: A method provides for controlling compliance remediation that includes performing compliance inspection runs by account nodes for multiple accounts. Inspection results of the inspection runs from each account node are aggregated by an account cognitive policy advisory (CPA) service. The inspection results from each account are aggregated. It is determined whether remediations are required by analyzing the inspection results combined with a current compliance mode of a server. Upon a determination that the current compliance mode of the server is a first mode, the account CPA service determines whether a policy fingerprint has changed. Upon a change to the policy fingerprint, compliance enforcement runs on the account nodes are temporarily suspended.

公开(公告)号：US10902003B2

公开(公告)日：2021-01-26

申请号：US16267482

申请日：2019-02-05

Applicant: International Business Machines Corporation

Inventor： Jinho Hwang ,  Anup Kalia ,  Muhammed Fatih Bulut ,  Maja Vukovic ,  Jin Xiao ,  Rohit Madhukar Khandekar ,  Raghav Batta

IPC: G06F16/30 ,  G06F16/2457 ,  G06N5/02 ,  G06F11/14 ,  G06N3/04

Abstract: A system, program product, and method for use with an information handling system to detect and resolve faults in a run-time environment. As faults are detected, one or more corresponding general query responses are identified and subject to a ranking based on relevance criteria. At least one modified response is transformed into a command, selectively blended with context, and encoded as a context aware instruction. The instruction is subject to testing with corresponding output being subject to measurement.

公开(公告)号：US20200272973A1

公开(公告)日：2020-08-27

申请号：US16282565

申请日：2019-02-22

Applicant: International Business Machines Corporation

Inventor： Hongtan Sun ,  Muhammed Fatih Bulut ,  Pritpal S. Arora ,  Klaus Koenig ,  Maja Vukovic ,  Naga A. Ayachitula

IPC: G06Q10/06 ,  G06N20/00

Abstract: Embodiments relate to monitoring an information technology (IT) environment having a plurality of domains through key performance indicator (KPI) data. In response to detection of a technical health problem, a first KPI related to the problem is identified. A root cause analysis is performed on the identified KPI generating a knowledge graph. A second KPI related to the first KPI is identified through the discovery of a correlation between the two identified KPIs. A diagnosis is generated for the technical health problem within the IT environment based on the discovered hidden correlation between the first KPI and second KPI. The generated diagnosis includes the root cause of the technical health issue.

公开(公告)号：US20200153851A1

公开(公告)日：2020-05-14

申请号：US16734322

申请日：2020-01-04

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Muhammed Fatih Bulut ,  Lisa Chavez ,  Jinho Hwang ,  Anup Kalia ,  Virginia Mayo Policarpio ,  Sai Zeng

IPC: H04L29/06 ,  H04L12/58 ,  G06Q50/00

Abstract: A method and system of identifying a computing device vulnerability is provided. Social media communication is monitored. Social media threads that are related to a vulnerability, based on the monitored social media communication, are identified, filtered, and categorized into one or more predetermined categories of computing device vulnerabilities. Upon determining that a number of social media posts related to the vulnerability is above a first predetermined threshold, one or more dependable social media threads in a same one or more categories as the vulnerability are searched. One or more possible root causes of the vulnerability are determined from the searched dependable social media threads. A validity score for each of the one or more possible root causes is assigned. A possible root cause from that has a highest validity score that is above a second predetermined threshold is selected to be the root cause of the vulnerability.

公开(公告)号：US20190166150A1

公开(公告)日：2019-05-30

申请号：US15825086

申请日：2017-11-28

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Muhammed Fatih Bulut ,  Lisa M. Chavez ,  Jinho Hwang ,  Virginia Mayo ,  Maja Vukovic ,  Sai Zeng

IPC: H04L29/06 ,  H04L12/58 ,  G06Q50/00

Abstract: A method and system of identifying technical experts for an identified vulnerability is provided. One or more technical experts for each of one or more categories of the vulnerability are identified. Questions are sent to and answers are received from the one or more identified technical experts for each of the one or more categories of vulnerabilities, via a chatbot module. Answers to parameters that are missing for a Common Vulnerability Scoring System (CVSS) for the identified vulnerability are determined from the received answers to the parameters. The answers to the parameters are validated and a CVSS score is calculated based on the validated determined answers.

公开(公告)号：US11972382B2

公开(公告)日：2024-04-30

申请号：US16282565

申请日：2019-02-22

Applicant: International Business Machines Corporation

Inventor： Hongtan Sun ,  Muhammed Fatih Bulut ,  Pritpal S. Arora ,  Klaus Koenig ,  Maja Vukovic ,  Naga A. Ayachitula

IPC: G06Q10/0639 ,  G06N20/00

CPC classification number: G06Q10/06393 ,  G06N20/00

Abstract: Embodiments relate to monitoring an information technology (IT) environment having a plurality of domains through key performance indicator (KPI) data. In response to detection of a technical health problem, a first KPI related to the problem is identified. A root cause analysis is performed on the identified KPI generating a knowledge graph. A second KPI related to the first KPI is identified through the discovery of a correlation between the two identified KPIs. A diagnosis is generated for the technical health problem within the IT environment based on the discovered hidden correlation between the first KPI and second KPI. The generated diagnosis includes the root cause of the technical health issue.

公开(公告)号：US11954524B2

公开(公告)日：2024-04-09

申请号：US17330583

申请日：2021-05-26

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Braulio Gabriel Dumba ,  Jun Duan ,  Nerla Jean-Louis ,  Muhammed Fatih Bulut ,  Sai Zeng

IPC: G06F9/46 ,  G06F9/48 ,  G06F9/50

CPC classification number: G06F9/4881 ,  G06F9/5005 ,  G06F2209/5011 ,  G06F2209/503

Abstract: A method for scheduling services in a computing environment includes receiving a service scheduling request corresponding to the computing environment and identifying a resource pool and a set of compliance requirements corresponding to the computing environment. The method continues by identifying target resources within the resource pool, wherein target resources are resources which meet the set of compliance requirements, and subsequently identifying a set of available target resources, wherein available target resources are target resources with scheduling availability. The method further includes analyzing the set of available target resources to determine a risk score for each available target resource and selecting one or more of the set of available target resources according to the determined risk scores. The method continues by scheduling a service corresponding to the service scheduling request on the selected one or more available target resources.

公开(公告)号：US20240114046A1

公开(公告)日：2024-04-04

申请号：US17937854

申请日：2022-10-04

Applicant: International Business Machines Corporation

Inventor： Constantin Mircea Adam ,  Muhammed Fatih Bulut ,  Steven Ocepek

IPC: H04L9/40

CPC classification number: H04L63/1433

Abstract: One or more systems, devices, computer program products and/or computer-implemented methods provided herein relate to prioritization of attack techniques and cyber security events. According to an embodiment, an attack prioritization engine can receive security events, train an artificial intelligence model to rank respective cyber security events as a function of risk, and output a prioritization of security events to address. A mapping component can map asset vulnerabilities to attack techniques. A calculation component can calculate and aggregate scores for respective attack techniques. An attack surface component can extract features from the aggregation of scores to rank attack techniques and determine an attack surface. The mapping component can further map security events to the attack techniques.

公开(公告)号：US11924239B2

公开(公告)日：2024-03-05

申请号：US17078455

申请日：2020-10-23

Applicant: International Business Machines Corporation

Inventor： Lilian Mathias Ngweta ,  Steven Ocepek ,  Constantin Mircea Adam ,  Sai Zeng ,  Muhammed Fatih Bulut ,  Milton H. Hernandez

IPC: H04L9/40 ,  G06N20/00

CPC classification number: H04L63/1433 ,  G06N20/00 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/1466

Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.

公开(公告)号：US11727020B2

公开(公告)日：2023-08-15

申请号：US16157740

申请日：2018-10-11

Applicant: International Business Machines Corporation

Inventor： Muhammed Fatih Bulut ,  Hongtan Sun ,  Pritpal Arora ,  Klaus Koenig ,  Naga A. Ayachitula ,  Jonathan Richard Young ,  Maja Vukovic

IPC: G06N3/08 ,  G06N3/042 ,  G06Q30/016 ,  G06F16/2458 ,  G06N3/044

CPC classification number: G06F16/2465 ,  G06N3/042 ,  G06N3/044 ,  G06N3/08 ,  G06Q30/016

Abstract: Techniques regarding providing artificial intelligence problem descriptions are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can include, at least: a query component that generates key performance indicators from a query, determines a subset of key performance indicators that individually have a performance below a threshold, and maps the subset of key performance indicators to operational metrics; a learning component that generates, using artificial intelligence, problem descriptions from one or more of the subset of key performance indicators or the operational metrics and transmits the problem descriptions to a database.