Patent · US Active

Collaborative filtering anomaly detection explainability

US11483327B2 · kind B2 · utility

Cited by: 18
References: 18
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 17, 2019
Grant date: Oct 25, 2022
Priority date
Expiry date: Dec 22, 2040

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Cybersecurity anomaly explainability is enhanced, with particular attention to collaborative filter-based anomaly detection. An enhanced system obtains user behavior vectors derived from a trained collaborative filter, computes a similarity measure of user behavior based on a distance between user behavior vectors and a similarity threshold, and automatically produces an explanation of a detected cybersecurity anomaly. The explanation describes a change in user behavior similarity, in human-friendly terms, such as “User X from Sales is now behaving like a network administrator.” Each user behavior vector includes latent features, and corresponds to access attempts or other behavior of a user with respect to a monitored computing system. Users may be sorted according to behavioral similarity. Explanations may associate a collaborative filter anomaly detection result with a change in behavior of an identified user or cluster of users, per specified explanation structures. Explanations may include organizational context information such as roles.
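The flow the abstract describes can be sketched as follows. This is an added illustration, not code from the patent. It assumes cosine similarity as the distance-based measure, a threshold of 0.9, and constructed latent vectors, user names and roles standing in for the output of a trained collaborative filter.

```python
import math

# Constructed sample data (assumption): 3 latent features per user, as if read
# from a trained collaborative filter at two points in time.
ROLES = {"alice": "Sales", "bob": "Sales", "xavier": "Sales",
         "carol": "network administrator", "dave": "network administrator"}
BEFORE = {"alice": [0.9, 0.1, 0.0], "bob": [0.8, 0.2, 0.1],
          "carol": [0.1, 0.9, 0.3], "dave": [0.0, 0.8, 0.4],
          "xavier": [0.85, 0.15, 0.05]}
AFTER = dict(BEFORE, xavier=[0.05, 0.85, 0.35])  # only xavier's behavior shifts

def cosine_similarity(u, v):
    """Similarity in [-1, 1]; 1 means the two behavior vectors point the same way."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0

def similar_users(user, vectors, threshold):
    """Other users whose similarity to `user` meets the threshold, most similar first."""
    scored = [(cosine_similarity(vectors[user], vec), name)
              for name, vec in vectors.items() if name != user]
    return [name for score, name in sorted(scored, reverse=True) if score >= threshold]

def dominant_role(users):
    """Most common role among `users` (organizational context), or None if empty."""
    counts = {}
    for name in users:
        counts[ROLES[name]] = counts.get(ROLES[name], 0) + 1
    return max(sorted(counts), key=counts.get) if counts else None

def explain(user, before, after, threshold=0.9):
    """Describe a change in who `user` behaves like; None if the peer role is unchanged."""
    old_role = dominant_role(similar_users(user, before, threshold))
    new_peers = similar_users(user, after, threshold)
    new_role = dominant_role(new_peers)
    if new_role is None or new_role == old_role:
        return None
    return (f"User {user} from {ROLES[user]} is now behaving like a "
            f"{new_role} (similar to: {', '.join(new_peers)}).")

if __name__ == "__main__":
    print(explain("xavier", BEFORE, AFTER))
```

Naming the similar peers alongside the role gives an analyst something concrete to check the explanation against.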

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.