-
Publication (Announcement) No.: US11323469B2
Publication (Announcement) Date: 2022-05-03
Application No.: US16881566
Application Date: 2020-05-22
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Jisheng Wang
Abstract: Entity group behavior profiling. An entity group is created that includes multiple entities, where each entity represents one of a user, a machine, and a service. A behavior profile is created for each one of the entities of the entity group. The behavior of each of one of the entities of the entity group is monitored to detect behavior change. An indicator of compromise is detected based on multiple ones of the entities experiencing substantially a same behavior change.
-
Publication (Announcement) No.: US20200287925A1
Publication (Announcement) Date: 2020-09-10
Application No.: US16881566
Application Date: 2020-05-22
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Jisheng Wang
IPC: H04L29/06
Abstract: Entity group behavior profiling. An entity group is created that includes multiple entities, where each entity represents one of a user, a machine, and a service. A behavior profile is created for each one of the entities of the entity group. The behavior of each of one of the entities of the entity group is monitored to detect behavior change. An indicator of compromise is detected based on multiple ones of the entities experiencing substantially a same behavior change.
-
Publication (Announcement) No.: US10469514B2
Publication (Announcement) Date: 2019-11-05
Application No.: US14743875
Application Date: 2015-06-18
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Jisheng Wang, Min-yi Shen, Prasad Palkar, Sriram Ramachandran
Abstract: Collaborative and adaptive threat intelligence. Data collected on a first customer network is received. One or more local models are trained with at least the received data, where the one or more local models are related to security. An amount of data to transmit to a centralized controller is determined based at least on a result of the training one or more local models and the determined amount of data is transmitted to the centralized controller. Result data is received from the centralized controller that is a result of one or more global models trained on the centralized controller using data collected on multiple customer networks including the first customer network. The one or more local models are adjusted using the received result data and the one or more adjusted local models are trained.
-