MACHINE LEARNING-BASED NETWORK DEVICE PROFILING

    Publication No.: US20200382527A1

    Publication date: 2020-12-03

    Application No.: US16428422

    Filing date: 2019-05-31

    Abstract: A method includes applying, by a computer, supervised machine learning to classify a network device that is associated with a security event occurring in a computer system based on data representing features of the network device. The security event is associated with a potential security threat to the computer system, and the classification of the network device by the supervised machine learning is associated with a confidence. The technique includes, in response to the confidence being below a threshold, applying an active machine learning classifier to the data to learn a classification for the data and using the classification learned by the active machine learning classifier to adapt the supervised machine learning to recognize the classification.

    MACHINE LEARNING-BASED SECURITY THREAT INVESTIGATION GUIDANCE

    Publication No.: US20190340353A1

    Publication date: 2019-11-07

    Application No.: US15973189

    Filing date: 2018-05-07

    Inventor: Tamir Mitelman

    Abstract: A technique includes accessing data representing a state of a given investigation of a potential security threat to a computer system by a security analyst. The state includes a result of a current investigative step of the investigation, and the analyst conducting the investigation uses an investigation graphical user interface (GUI). The technique includes applying machine learning that is trained on observed investigations to determine a recommendation to guide the analyst in a next investigative step for the given investigation. The technique includes communicating the recommendation through an output provided to the investigation GUI.

    Machine learning-based network device profiling

    Publication No.: US11611569B2

    Publication date: 2023-03-21

    Application No.: US16428422

    Filing date: 2019-05-31

    Abstract: A method includes applying, by a computer, supervised machine learning to classify a network device that is associated with a security event occurring in a computer system based on data representing features of the network device. The security event is associated with a potential security threat to the computer system, and the classification of the network device by the supervised machine learning is associated with a confidence. The technique includes, in response to the confidence being below a threshold, applying an active machine learning classifier to the data to learn a classification for the data and using the classification learned by the active machine learning classifier to adapt the supervised machine learning to recognize the classification.

    Machine learning-based security threat investigation guidance

    Publication No.: US11544374B2

    Publication date: 2023-01-03

    Application No.: US15973189

    Filing date: 2018-05-07

    Inventor: Tamir Mitelman

    Abstract: A technique includes accessing data representing a state of a given investigation of a potential security threat to a computer system by a security analyst. The state includes a result of a current investigative step of the investigation, and the analyst conducting the investigation uses an investigation graphical user interface (GUI). The technique includes applying machine learning that is trained on observed investigations to determine a recommendation to guide the analyst in a next investigative step for the given investigation. The technique includes communicating the recommendation through an output provided to the investigation GUI.
