公开(公告)号：US11665180B2

公开(公告)日：2023-05-30

申请号：US16804898

申请日：2020-02-28

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Jeb R. Linton ,  Darrel Haswell ,  Satya Sreenivas ,  Naeem Altaf ,  Sanjay Nadhavajhala ,  Ron Williams ,  Bradley Evan Harris ,  John Walter Morris

IPC: H04L29/06 ,  G06N3/08 ,  G06K9/62 ,  H04L9/40 ,  G06N3/088 ,  G06F18/214

CPC classification number: H04L63/1416 ,  G06F18/2155 ,  G06N3/088 ,  H04L63/1425

Abstract: Methods and systems for artificially intelligent security incident and event management using an attention-based deep neural network and transfer learning are disclosed. A method includes: collecting, by a computing device, system and network activity events in bulk; forming, by the computing device, a corpus using the collected system and network activity events; correlating, by the computing device, discrete events of the system and network activity events into offenses; adding, by the computing device, additional features to the corpus representing the offenses and disposition decisions regarding the offenses; training, by the computing device, a deep neural network using the corpus; and tuning, by the computing device, the deep neural network for a monitored computing environment using transfer learning.

公开(公告)号：US11297090B2

公开(公告)日：2022-04-05

申请号：US16566942

申请日：2019-09-11

Applicant: International Business Machines Corporation

Inventor： Bruno dos Santos Silva ,  Ron Williams ,  David Kaminsky

IPC: H04L29/06 ,  G06N3/08

Abstract: A security incident is detected at a first location; a risk of the security incident is evaluated. A first security scores is generated for the first location. A set of security scores are generated for a set of alternative locations; the set of security scores excludes the first security score. A second security score within the set of security scores is determined to be the best security score among a plurality of security scores; the plurality of security scores comprises the set of security scores and the first security score. A workload associated with the first location is migrated to a second location, where the second location is associated with the second security score.

公开(公告)号：US11983271B2

公开(公告)日：2024-05-14

申请号：US16952494

申请日：2020-11-19

Applicant: International Business Machines Corporation

Inventor： Bruno dos Santos Silva ,  Cheng-Ta Lee ,  Ron Williams ,  Bo-Yu Kuo ,  Chao-Min Chang ,  Sridhar Muppidi

IPC: G06F21/55 ,  G06F21/56 ,  G06N5/04 ,  G06N20/00

CPC classification number: G06F21/566 ,  G06F21/554 ,  G06N5/04 ,  G06N20/00 ,  G06F2221/034

Abstract: A processor may generate an enforcement point. The enforcement point may include one or more adversarial detection models. The processor may receive user input data. The processor may analyze, at the enforcement point, the user input data. The processor may determine, from the analyzing, whether there is an adversarial attack in the user input data. The processor may generate an alert based on the determining.

公开(公告)号：US20210266315A1

公开(公告)日：2021-08-26

申请号：US16799784

申请日：2020-02-24

Applicant: International Business Machines Corporation

Inventor： Doga Tav ,  Ron Williams ,  Hyman David Chantz

IPC: H04L29/06 ,  H04W12/00 ,  G06K9/00 ,  G06F3/01

Abstract: A method for a multi-factor authentication, the method receives results of an initial authentication of a user. Responsive to confirming the initial authentication, an image of a secondary set of authentication options is presented. An option selection is received from the user, wherein the selection is determined by tracking eye movement of the user over the image that includes the set of second factor authentication options. User facial activity is tracked corresponding to the selection made from the secondary set of authentication options. The monitored facial activity is compared to a pre-established authentication condition to determine whether a match exists with the selected secondary set of authentication options, and responsive to facial activity monitored matching the authentication condition pre-established by the user and corresponding to the selection made from the secondary set of authentication options, authentication of the user is confirmed.

公开(公告)号：US20210075815A1

公开(公告)日：2021-03-11

申请号：US16566942

申请日：2019-09-11

Applicant: International Business Machines Corporation

Inventor： Bruno dos Santos Silva ,  Ron Williams ,  David Kaminsky

IPC: H04L29/06 ,  G06N3/08

Abstract: A security incident is detected at a first location; a risk of the security incident is evaluated. A first security scores is generated for the first location. A set of security scores are generated for a set of alternative locations; the set of security scores excludes the first security score. A second security score within the set of security scores is determined to be the best security score among a plurality of security scores; the plurality of security scores comprises the set of security scores and the first security score. A workload associated with the first location is migrated to a second location, where the second location is associated with the second security score.

公开(公告)号：US11695758B2

公开(公告)日：2023-07-04

申请号：US16799784

申请日：2020-02-24

Applicant: International Business Machines Corporation

Inventor： Doga Tav ,  Ron Williams ,  Hyman David Chantz

IPC: H04L9/40 ,  G06F3/01 ,  H04W12/30 ,  G06V40/16 ,  G06V40/18

CPC classification number: H04L63/0861 ,  G06F3/013 ,  G06V40/172 ,  G06V40/176 ,  G06V40/193 ,  H04L63/083 ,  H04W12/30 ,  H04L2463/082

Abstract: A method for a multi-factor authentication, the method receives results of an initial authentication of a user. Responsive to confirming the initial authentication, an image of a secondary set of authentication options is presented. An option selection is received from the user, wherein the selection is determined by tracking eye movement of the user over the image that includes the set of second factor authentication options. User facial activity is tracked corresponding to the selection made from the secondary set of authentication options. The monitored facial activity is compared to a pre-established authentication condition to determine whether a match exists with the selected secondary set of authentication options, and responsive to facial activity monitored matching the authentication condition pre-established by the user and corresponding to the selection made from the secondary set of authentication options, authentication of the user is confirmed.

公开(公告)号：US20220156376A1

公开(公告)日：2022-05-19

申请号：US16952494

申请日：2020-11-19

Applicant: International Business Machines Corporation

Inventor： Bruno dos Santos Silva ,  Cheng-Ta Lee ,  Ron Williams ,  Bo-Yu Kuo ,  CHAO-MIN CHANG ,  Sridhar Muppidi

IPC: G06F21/56 ,  G06F21/55 ,  G06N20/00 ,  G06N5/04

Abstract: A processor may generate an enforcement point. The enforcement point may include one or more adversarial detection models. The processor may receive user input data. The processor may analyze, at the enforcement point, the user input data. The processor may determine, from the analyzing, whether there is an adversarial attack in the user input data. The processor may generate an alert based on the determining.