公开(公告)号：US20220286472A1

公开(公告)日：2022-09-08

申请号：US17685687

申请日：2022-03-03

Applicant: Qatar Foundation for Education, Science and Community Development

Inventor： Issa M. Khalil ,  Ting Yu ,  Eui J. Choo ,  Lun-Pin Yuan ,  Sencun Zhu

IPC: H04L9/40

Abstract: Autoencoder-based anomaly detection methods have been used in identifying anomalous users from large-scale enterprise logs with the assumption that adversarial activities do not follow past habitual patterns. Most existing approaches typically build models by reconstructing single-day and individual-user behaviors. However, without capturing long-term signals and group-correlation signals, the models cannot identify low-signal yet long-lasting threats, and will incorrectly report many normal users as anomalies on busy days, which, in turn, leads to a high false positive rate. A method is provided based on compound behavior, which takes into consideration long-term patterns and group behaviors. The provided method leverages a novel behavior representation and an ensemble of deep autoencoders and produces an ordered investigation list.

公开(公告)号：US11991196B2

公开(公告)日：2024-05-21

申请号：US17685687

申请日：2022-03-03

Applicant: Qatar Foundation for Education, Science and Community Development

Inventor： Issa M. Khalil ,  Ting Yu ,  Eui J. Choo ,  Lun-Pin Yuan ,  Sencun Zhu

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/0876

Abstract: Autoencoder-based anomaly detection methods have been used in identifying anomalous users from large-scale enterprise logs with the assumption that adversarial activities do not follow past habitual patterns. Most existing approaches typically build models by reconstructing single-day and individual-user behaviors. However, without capturing long-term signals and group-correlation signals, the models cannot identify low-signal yet long-lasting threats, and will incorrectly report many normal users as anomalies on busy days, which, in turn, leads to a high false positive rate. A method is provided based on compound behavior, which takes into consideration long-term patterns and group behaviors. The provided method leverages a novel behavior representation and an ensemble of deep autoencoders and produces an ordered investigation list.