Anomaly scoring using collaborative filtering
US11310257B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 27, 2019 |
| Grant date | Apr 19, 2022 |
| Priority date | — |
| Expiry date | Oct 18, 2040 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06N7/01
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A machine learning model is trained using tuples that identify an actor, a resource, and a rating based on a normalized count of the actor's attempts to access the resource. Actors may be users, groups, IP addresses, or otherwise defined. Resources may be storage, virtual machines, APIs, or otherwise defined. A risk assessor code feeds an actor-resource pair to the trained model, which computes a recommendation score using collaborative filtering. The risk assessor inverts the recommendation score to obtain a risk measurement; a low recommendation score corresponds to a high risk, and vice versa. The risk assessor code or other code takes cybersecurity action based on the recommendation score. Code may accept a risk R, or aid mitigation of the risk R, where R denotes a risk that the scored pair represents an unauthorized attempt by the pair actor to access the pair resource.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.