Predicting condition of a host for cybersecurity applications
US11012463B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 7, 2018 |
| Grant date | May 18, 2021 |
| Priority date | — |
| Expiry date | Mar 16, 2039 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/121
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
For a plurality of hosts, observe first time-varying characteristics including network throughput, central processing unit (CPU) usage, and/or memory usage; second time-varying characteristics including software configuration; and time-invariant characteristics including hardware configuration, at a plurality of timestamps. Construct a restricted HMM configured to predict actual host states, wherein the first time-varying characteristics include observed variables. The current observed variables depend on current values of the hidden variables and prior timestamp distribution of the observed variables. The former in turn depend on prior timestamp values of the hidden variables, the time-invariant characteristics of the hosts. and current timestamp values of the second time-varying characteristics. Estimate parameters of the restricted HMM; run the restricted HMM with the estimated parameters for each of the hosts; analyze the results to identify at least one of the hosts which has a potential cybersecurity issue; and take at least one remedial action.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.