Detection of anomalous computer behavior

Assignee

• State Farm Mutual Automobile Insurance Company · US

Inventors

• Rajiv C. Shah · Bloomington, US
• Shannon Morrison · Gilbert, US
• Jeremy T. Cunningham · Bloomington, US
• Taylor Griffin Smith · Allen, US
• Sripriya Sundararaman · Plano, US
• Jing Wan · Malta, US
• Jeffrey David Hevrin · Bloomington, US
• Ronald R. Duehr · Normal, US
• Brad Sliz · Normal, US
• Lucas Allen · East Peoria, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/121
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method for determining features of a dataset that are indicative of anomalous behavior of one or more computers in a large group of computers comprises (1) receiving log files including a plurality of entries of data regarding connections between a plurality of computers belonging to an organization and a plurality of websites outside the organization, each entry being associated with the actions of one computer, (2) executing a time series decomposition algorithm on a portion of the features of the data to generate a first list of features, (3) implementing a plurality of traffic dispersion graphs to generate a second list of features, and (4) implementing an autoencoder and a random forest regressor to generate a third list of features.