Abstract:
A system and method for identifying a threatening network is provided. The system comprises a network movement before/after algorithm that provides a graphical plot of changes in networks' communications activity from before to after a key event occurs, so that an analyst is able to identify anomalous behavior; a network progression algorithm that provides a graphical plot to analyze behavior in small increments of time without specification or emphasis upon a particular event, so that the analyst is able to see a trend in behavioral changes; a statistical network anomaly ranking algorithm that provides as output a ranked list of the networks; and an anomaly trend graphs algorithm that analyzes and visualizes the networks' anomaly scores over time, so that the analyst is able to see which networks are consistently suspicious, which networks accumulate more suspiciousness in response to an event, and which networks are trending toward more suspiciousness.
Abstract:
A method for identifying a threatening network comprises an asymmetric threat signature (AT-SIG) algorithm comprising a network movement before/after algorithm that provides a graphical plot of changes in network transaction activity from before to after a specified time and further comprising one or more of: a network progression algorithm that provides a graphical plot to analyze behavior in small increments of time without specification or emphasis upon a particular time or event; a statistical network anomaly ranking algorithm that provides as output a ranked list of the networks; and an anomaly trend graphs algorithm that analyzes and visualizes the networks' anomaly scores over time. Also disclosed are an AT-SIG system and a software program product.
Abstract:
Disclosed are a method and system for propagating data changes in a hierarchy of dataset models in which each dataset model comprises an analytic and one or more parent datasets, including a primordial dataset. The analytic is executed to instantiate a first instance of the data model. After a change in a primordial dataset, each instance of a dataset model that descends from the primordial dataset is invalidated, and the analytic is re-executed to create a second instance of the data model. Analytical results may be displayed. The first dataset model may include a metric in which the definition of the metric comprises metadata of the dataset model. Metric values may be stored in a first cache, re-computed on a new instance of the dataset model, and stored in a second cache.
Abstract:
A method of machine learning for use with a learning machine which includes a first input sensor adapted to sense an environment, a first output controller adapted to act on the environment, and a computing system including a user input device, a memory, and a processor, includes the steps of providing an event set comprising one or more events, providing a model set adapted to comprise one or more models, and iteratively repeating a sequence of steps for augmenting the event set with the plurality of new events, and acting on the environment using the first output controller.
Abstract:
An embodiment of the system and method for optimizing pattern query searches on a graph database uses a pattern query optimizer to optimize execution of the search plan for any sequence of SQL expressions by separating or breaking a pattern query into multiple subpattern queries before converting the subpattern queries into SQL expressions. An embodiment of the pattern query optimizer algorithmically, without intervention by an analyst, decomposes any pattern query into a set of subpattern queries by first identifying branches and cycles within a pattern query and then decomposing each identified branch and cycle into equivalent straight line paths, i.e., straight line nodes joined by edges. Cardinality may be used to improve the performance of pattern searches.