Cognitive analysis of security data with signal flow-based graph exploration

Assignee

• International Business Machines Corporation · US

Inventors

• Jiyong Jang · Ossining, US
• Dhilung Hang Kirat · White Plains, US
• Youngja Park · Princeton, US
• Marc Philippe Stoecklin · Bern, CH

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1416
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

This disclosure provides for a signal flow analysis-based exploration of security knowledge represented in a graph structure comprising nodes and edges. “Conductance” values are associated to each of a set of edges. Each node has an associated “toxicity” value representing a degree of maliciousness associated with the node. The conductance value associated with an edge is a function of at least the toxicity values of the nodes to which the edge is incident. A signal flow analysis is conducted with respect to an input node representing an observable associated with an offense. The flow analysis seeks to identify a subset of the nodes that, based on their conductance values, are reached by flow of a signal representing a threat, wherein signal flow over a path in the graph continues until a signal threshold is met. Based on the analysis, nodes within the subset are designated as hypothesis nodes for further examination.