-
Publication No.: WO2018093643A1
Publication date: 2018-05-24
Application No.: PCT/US2017/060731
Application date: 2017-11-09
Inventors: KUMAR, Ram Shankar Siva; SMITH, Bryan Jeffrey; WICKER, Andrew White; MACE, Daniel Lee; LADD, David Charles
Abstract: A computing system for generating automated responses to improve response times for diagnosing security alerts includes a processor and a memory. An application is stored in the memory and executed by the processor. The application includes instructions for receiving a text phrase relating to a security alert; using a natural language interface with a natural language model to select one of a plurality of intents corresponding to the text phrase; and mapping the selected intent to one of a plurality of actions. Each of the plurality of actions includes at least one of a static response, a dynamic response, and a task. The application includes instructions for sending a response based on the at least one of the static response, the dynamic response, and the task.
-
Publication No.: WO2016115182A1
Publication date: 2016-07-21
Application No.: PCT/US2016/013118
Application date: 2016-01-13
CPC classification: G06F21/55, G06F21/316, G06F21/554, G06N7/02
Abstract: Embodiments are directed to generating an account process profile based on meta-events and to detecting account behavior anomalies based on account process profiles. In one scenario, a computer system accesses an indication of which processes were initiated by an account over a specified period of time. The computer system analyzes at least some of the processes identified in the indication to extract features associated with the processes. The computer system assigns the processes to meta-events based on the extracted features, where each meta-event is a representation of how the processes are executed within the computer system. The computer system then generates an account process profile for the account based on the meta-events, where the account process profile provides a comprehensive view of the account's behavior over the specified period of time. This account process profile can be used to identify anomalies in process execution.
-
Publication No.: WO2023048921A1
Publication date: 2023-03-30
Application No.: PCT/US2022/042279
Application date: 2022-09-01
Inventors: MAZUMDER, Anisha; ZHAI, Haijun; MACE, Daniel Lee; ROY, Yogesh K.; HARIKRISHNAN, Seetharaman
Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.
-
Publication No.: WO2020068231A1
Publication date: 2020-04-02
Application No.: PCT/US2019/039654
Application date: 2019-06-28
Inventors: LEWIS, Richard Patrick; DENG, Lisa; WITTENBERG, Craig Henry; MACE, Daniel Lee; ROY, Yogesh Kant
IPC classification: H04L29/06
Abstract: Systems are provided for using machine learning to identify service accounts and/or for distinguishing service accounts from user accounts based on the user names of the accounts. Machine learning tools can be trained on user name label data for service accounts and user accounts. The trained machine learning tool can then be applied to user names of accounts to determine whether the user names correspond to service accounts or not and, in some instances, without referencing tables or other structures that explicitly identify and distinguish the service/user accounts and/or conventions for identifying service accounts. Then, the systems can respond appropriately, based on the determination. The machine learning tool can also be shared with other systems to make the same determinations for their accounts without having to share confidential or proprietary account information.