Modification of machine learning model ensembles based on user feedback

    Publication (Announcement) No.: US11620581B2

    Publication (Announcement) Date: 2023-04-04

    Application No.: US16811054

    Filing Date: 2020-03-06

    Abstract: Mechanisms are provided to implement an ensemble of unsupervised machine learning (ML) models. The ensemble of unsupervised ML models processes a portion of input data to generate an ensemble output, and the ensemble output is output to an authorized user computing device to obtain user feedback from the authorized user via the user computing device. The user feedback indicates a correctness of the ensemble output. The mechanisms modify at least one feature of the ensemble of unsupervised ML models based on the obtained user feedback to thereby generate a modified ensemble of unsupervised ML models. Subsequent portions of input data are then processed using the modified ensemble of unsupervised ML models.

    Hybrid machine learning to detect anomalies

    Publication (Announcement) No.: US11374953B2

    Publication (Announcement) Date: 2022-06-28

    Application No.: US16811001

    Filing Date: 2020-03-06

    Abstract: Mechanisms are provided to implement a hybrid machine learning (ML) anomaly detector comprising an ensemble of unsupervised ML models and a semi-supervised ML model. The ensemble of unsupervised ML models is executed on log data to generate, for each entry in the log data, a predicted anomaly score and a corresponding anomaly classification label for the entry. A partially labeled dataset is generated based on a selected subset of entries and other unlabeled log data in the log data. A similarity analysis of the unlabeled log data with entries in the selected subset of entries is performed, and anomaly classification labels of the selected subset of entries are propagated to the other unlabeled log data based on the similarity analysis.

    Advanced Image Recognition for Threat Disposition Scoring

    Publication (Announcement) No.: US20200342252A1

    Publication (Announcement) Date: 2020-10-29

    Application No.: US16391485

    Filing Date: 2019-04-23

    Abstract: Mechanisms are provided to implement an image-based event classification engine having an event image encoder and a first neural network computer model. The event image encoder receives an event data structure comprising a plurality of event attributes, where the event data structure represents an event occurring in association with a computing resource. The event image encoder executes, for each event attribute, a corresponding event attribute encoder that encodes the event attribute as a pixel pattern in a predetermined grid of pixels, corresponding to the event attribute, of an event image. The event image is input to a neural network computer model which applies one or more image feature extraction operations and image feature analysis algorithms to the event image to generate a classification prediction classifying the event into one of a plurality of predefined classifications and outputs the classification prediction.

    FEATURE SELECTION FOR CYBERSECURITY THREAT DISPOSITION

    Publication (Announcement) No.: US20230185923A1

    Publication (Announcement) Date: 2023-06-15

    Application No.: US17643619

    Filing Date: 2021-12-10

    Abstract: An apparatus, a method, and a computer program product are provided that dynamically select features and machine learning models for optimal accuracy when determining a threat disposition of a security alert. The method includes training a base machine learning model, determining the impacts that features in the training dataset have on the trained base machine learning model when predicting threat disposition on security threats, and creating subsets of the features, based on threat dispositions, by analyzing the features with their corresponding impacts and placing common features and impacts into each subset of the subsets. The method also includes training a plurality of machine learning models and a machine learning feature predictor using the training dataset and the subsets. The method further includes selecting, for a new input data instance, the selected features from the new input data instance and selecting a trained machine learning model trained based on the selected features.

    Advanced Rule Analyzer to Identify Similarities in Security Rules, Deduplicate Rules, and Generate New Rules

    Publication (Announcement) No.: US20200272741A1

    Publication (Announcement) Date: 2020-08-27

    Application No.: US16287407

    Filing Date: 2019-02-27

    Abstract: Mechanisms for performing advanced rule analysis are provided. The mechanisms perform natural language processing of a security rule set data structure specifying a plurality of security rules. The mechanisms execute, for each security rule pairing, a determination of a similarity measure indicating a degree of similarity of the textual description of the first security rule in the pairing with the textual description of the second security rule in the pairing, and, in response to the similarity measure being equal to or above a duplicate rule threshold value, eliminate one of the first security rule or the second security rule in the pairing from the security rule set data structure to generate a modified security rule set data structure. The mechanisms deploy the modified security rule set data structure to a computing environment for use in identifying security incidents and performing event management.

    Threat disposition analysis and modeling using supervised machine learning

    Publication (Announcement) No.: US20180367561A1

    Publication (Announcement) Date: 2018-12-20

    Application No.: US15623125

    Filing Date: 2017-06-14

    IPC Classification: H04L29/06 G06N99/00

    Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat, a threat disposition score (TDS) is retrieved. The threat disposition score is generated from a machine learning scoring model that is built from information about historical security threats, including the historical disposition of one or more alerts associated with the historical security threats. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Depending on the TDS (and its confidence level), the analyst may be able to respond to the threat immediately, i.e., without further detailed investigation. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.

    Identifying SIEM event types
    Granted invention

    Publication (Announcement) No.: US11503055B2

    Publication (Announcement) Date: 2022-11-15

    Application No.: US17026501

    Filing Date: 2020-09-21

    IPC Classification: H04L9/40 G06N20/00 G06F16/28

    Abstract: Embodiments of a method are disclosed. The method includes determining that the event type of an event log of a security information and event management (SIEM) system cannot be identified. The method further includes generating a vectorized log using a cleaned, tokenized, and padded version of the event log. Additionally, the method includes generating a classification for the vectorized log using a deep learning classification model that is trained to identify a potential event type for the event log based on deep learning training using multiple parsed logs. The method also includes determining that a confidence level of the classification meets a predetermined threshold. The method further includes parsing the event log based on the classification.

    SIMILARITY ANALYSIS FOR AUTOMATED DISPOSITION OF SECURITY ALERTS

    Publication (Announcement) No.: US20220292186A1

    Publication (Announcement) Date: 2022-09-15

    Application No.: US17195843

    Filing Date: 2021-03-09

    IPC Classification: G06F21/55

    Abstract: A method, a computer program product, and a system for performing a threat similarity analysis for automated action on security alerts. The method includes receiving, by a threat similarity analysis system, a security alert relating to a security from a threat disposition system within an environment, and performing, by the threat similarity analysis system, a similarity analysis on the security alert using a machine learning model. The similarity analysis compares the security alert with previous security alerts within a time window. The threat similarity analysis system can apply a cosine similarity analysis to perform the similarity analysis. The method also includes determining, based on the similarity analysis, that the security alert matches at least one previous security alert from the previous security alerts within a predetermined degree, and associating the security alert into the same security incident as the previous security alert determined by the similarity analysis.