Patent · US Active

Identifying threat indicators by processing multiple anomalies

US11019088B2 · kind B2 · utility

Cited by: 7
References: 1
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 28, 2020
Grant date: May 25, 2021
Priority date
Expiry date: May 28, 2040

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/121
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.