公开(公告)号：US20230083443A1

公开(公告)日：2023-03-16

申请号：US17477291

申请日：2021-09-16

申请人： Evgeny Saveliev ,  Daniel Greene ,  Catherine Baird ,  Manuel Francisco Perez Gonzalez ,  Dhamanjit Sehdev

发明人： Evgeny Saveliev ,  Daniel Greene ,  Catherine Baird ,  Manuel Francisco Perez Gonzalez ,  Dhamanjit Sehdev

IPC分类号： G06F21/55 ,  G06N5/02 ,  G06N5/04

摘要： An anomaly score is computed for current and past physical access events using machine learning models. A transformation of the security events history into a time series of event counts, or augmenting the events history with the delay/lag information is used as an input to machine learning models. Machine learning models are used to estimate (compute) probability density functions for the currently observed parameters of security events. Cumulative probability density functions are computed from the probability density functions to be used to compute the anomaly score for the security events. The described method utilizes a collection of machine learning models to improve efficiency, accuracy and computation speed, by training the models on only a small subset of the accumulated history of security events to achieve higher performance of anomaly detection by narrow specialization of the models. When the anomaly score is beyond a threshold, injecting an anomaly alert network packet.