Patent · US Active

Identifying security breaches from clustering properties

US10831785B2 · kind B2 · utility

Cited by: 0
References: 2
Claims: 12
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 11, 2016
Grant date: Nov 10, 2020
Priority date
Expiry date: Jul 18, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1425
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Embodiments of the present invention may provide the capability to identify security breaches in computer systems from clustering properties of clusters generated based on monitored behavior of users of the computer systems by using techniques that provide improved performance and reduced resource requirements. For example, behavior of users or resources may be monitored and analyzed to generate clusters and train clustering models. Labeling information relating to some user or resource may be received. When users or resources are clustered and when a cluster contains some labeled users/resources then an anomaly score can be determined for a user/resource belonging to the cluster. A user or resource may be detected to be an outlier of at least one cluster to which the user or resource has been assigned, and an alert indicating detection of the outlier may be generated.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.