Apparatus having engine using artificial intelligence for detecting behavior anomalies in a computer network
US11415425B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 14, 2021 |
| Grant date | Aug 16, 2022 |
| Priority date | — |
| Expiry date | Sep 14, 2041 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L69/16
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A system comprises an enterprise network system and engine that could be inside an enterprise or hosted on a public and/or private cloud infrastructure. The engine has a discovery module coupled to a switch device, an AI and machine learning based monitoring and detection module coupled to the switch device and end point devices or assets including laptops, workstations and servers, and a remediation module coupled to the switch device. The system provides processes for building a network endpoint state transition model. The system can be unsupervised and is completely based on artificial intelligence processes. The network endpoint model is constructed by using a network identity and network behavior observed through data traffic flow to capture co-occurrence of data communications or connections in at least two consecutive observation windows or time frames. This network endpoint connection state transition model is used for detecting behavior anomalies.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.