Anomaly detection to identify security threats
US10673880B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 26, 2016 |
| Grant date | Jun 2, 2020 |
| Priority date | — |
| Expiry date | Mar 23, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/121
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.