Patent · US Active

Self-learning cybersecurity threat detection system, method, and computer program for multi-domain data

US11178168B1 · kind B1 · utility

Cited by: 14
References: 25
Claims: 27
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 19, 2019
Grant date: Nov 16, 2021
Priority date
Expiry date: Jun 30, 2040

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1466
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The present disclosure describes a self-learning system, method, and computer program for detecting cybersecurity threats in a computer network based on anomalous user behavior and multi-domain data. A computer system tracks user behavior during a user session across multiple data domains. For each domain observed in a user session, a domain risk is calculated. The user's session risk is then calculated as the weighted sum of the domain risks. A domain risk is based on individual event-level risk probabilities and a session-level risk probability from the domain. The individual event-level risk probabilities and a session-level risk probability for a domain are derived from user events of the domain during the session and are based on event-feature indicators and session-feature indicators for the domain.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.