Fuzzy cyber detection pattern matching

Assignee

• International Business Machines Corporation · US

Inventors

• Xiaokui Shu · Ossining, US
• Zhongshu Gu · Ridgewood, US
• Marc Philippe Stoecklin · Bern, CH
• Hani T. Jamjoom · Cos Cob, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1425
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Mechanisms for identifying a pattern of computing resource activity of interest, in activity data characterizing activities of computer system elements, are provided. A temporal graph of the activity data is generated and a filter is applied to the temporal graph to generate one or more first vector representations, each characterizing nodes and edges within a moving window defined by the filter. The filter is applied to a pattern graph representing a pattern of entities and events indicative of the pattern of interest, to generate a second vector representation. The second vector representation is compared to the one or more first vector representations to identify one or more nearby vectors, and one or more corresponding subgraph instances are output to an intelligence console computing system as inexact matches of the temporal graph.