Patent · US Active

Detecting and responding to an anomaly in an event log

US11237897B2 · kind B2 · utility

Cited by: 4
References: 7
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 25, 2019
Grant date: Feb 1, 2022
Priority date:
Expiry date: May 24, 2040

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06N5/01
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method identifies and prioritizes anomalies in received monitoring logs from an endpoint log source. One or more processors identify anomalies in the monitoring logs by applying a plurality of disparate types of anomaly detection algorithms to the monitoring logs, and then determine a likelihood that the identified anomalies are anomalous based on outputs of the plurality of disparate types of anomaly detection algorithms. The processor(s) then prioritize the monitoring logs based on the likelihood that the identified anomalies are actually anomalous, and send prioritized monitoring logs that exceed a priority level to a security information and event management system (SIEM).
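The pipeline the abstract describes, as an added example written for this page rather than the patent's own implementation: three deliberately disparate detectors (template frequency, a baseline of known peers, token entropy) each vote on a batch of constructed endpoint log lines, the fraction of agreeing detectors is the likelihood that a line is actually anomalous, and only lines whose likelihood exceeds a priority level are handed to a SIEM stand-in. The log lines, the KNOWN_SOURCES baseline, the thresholds and all function names are assumptions.

```python
import math
import re
from collections import Counter
# Constructed endpoint log lines (hypothetical sample input, not real data).
LOG_LINES = [
    "2024-01-01T10:00:01 host1 sshd: Accepted publickey for alice from 10.0.0.5",
    "2024-01-01T10:00:07 host1 sshd: Accepted publickey for alice from 10.0.0.5",
    "2024-01-01T10:00:15 host1 sshd: Accepted publickey for bob from 10.0.0.6",
    "2024-01-01T10:00:20 host1 sshd: Accepted publickey for alice from 10.0.0.5",
    "2024-01-01T10:00:25 host1 cron: CMD (/usr/bin/updatedb)",
    "2024-01-01T10:00:31 host1 sshd: Failed password for root from 198.51.100.7",
    "2024-01-01T10:00:40 host1 cron: CMD (/usr/bin/updatedb)",
    "2024-01-01T10:00:45 host1 app: session token=Zx9qP3kL0mVw2Yt8RbN4cH7Qs",
]
KNOWN_SOURCES = {"10.0.0.5", "10.0.0.6"}  # assumed baseline of previously seen peers

def rare_template(lines):
    """Frequency detector: mask digit-bearing tokens, flag templates seen only once."""
    templates = [re.sub(r"\S*\d\S*", "<n>", ln) for ln in lines]
    counts = Counter(templates)
    return {i for i, t in enumerate(templates) if counts[t] == 1}

def unknown_source(lines):
    """Baseline detector: flag a 'from <addr>' that is outside the known-peer set."""
    hits = [re.search(r"\bfrom (\S+)", ln) for ln in lines]
    return {i for i, m in enumerate(hits) if m and m.group(1) not in KNOWN_SOURCES}

def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def high_entropy_token(lines, min_len=12, min_bits=4.0):
    """Content detector: flag long tokens whose entropy looks like a random string."""
    return {i for i, ln in enumerate(lines)
            if any(len(t) >= min_len and shannon_entropy(t) >= min_bits
                   for t in ln.split())}

DETECTORS = (rare_template, unknown_source, high_entropy_token)
def score_lines(lines):
    """Likelihood = fraction of the disparate detectors that flagged each line."""
    votes = [d(lines) for d in DETECTORS]
    return [sum(i in v for v in votes) / len(DETECTORS) for i in range(len(lines))]

def forward_to_siem(lines, priority_level=0.5):
    """Rank lines by likelihood; return only those exceeding the priority level."""
    ranked = sorted(zip(lines, score_lines(lines)), key=lambda p: p[1], reverse=True)
    return [ln for ln, s in ranked if s > priority_level]

if __name__ == "__main__":
    print(*forward_to_siem(LOG_LINES), sep="\n")
```

Bob's first login trips only the frequency detector and stays below the priority level, while the failed root login from an unknown peer and the high-entropy token line each get two independent votes and are forwarded.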

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.