Inferring temporal relationships for cybersecurity events

Assignee

• International Business Machines Corporation · US

Inventors

• Preeti Ravindra · Atlanta, US
• Youngja Park · Princeton, US
• Dhilung Hang Kirat · White Plains, US
• Jiyong Jang · Ossining, US
• Marc Philippe Stoecklin · Bern, CH

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/121
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A cognitive security analytics platform is enhanced by providing a technique for automatically inferring temporal relationship data for cybersecurity events. In operation, a description of a security event is received, typically as unstructured security content or data. Information such as temporal data or cues, are extracted from the description, along with security entity and relationship data. Extracted temporal information is processing according to a set of temporal markers (heuristics) to determine a time value marker (i.e., an established time) of the security event. This processing typically involves retrieval of information from one or more structured data sources. The established time is linked to the security entities and relationships. The resulting security event, as augmented with the identified temporal data, is then subjected to a management operation.