System and method for cybersecurity threat monitoring using dynamically-updated semantic graphs
US11729204B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 13, 2021 |
| Grant date | Aug 15, 2023 |
| Priority date | — |
| Expiry date | Dec 13, 2041 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1416
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A method for performing cyber-security analysis includes storing a semantic graph with nodes representing monitored computer-based entities, and edges representing monitored relationships. Each edge has an associated tally. A set of threat scores associated with multiple computer-based entities is stored in the memory. The semantic graph is updated in response to receiving event data. The updating includes decomposing the event data into a set of entities and a set of associated relationships, updating the tally of one of the edges based on the set of relationships, modifying an alert attribute of a monitored computer-based entity when the event data includes an applicable alert, and modifying a threat score of at least one computer-based entity based on the event data when the event data includes an applicable alert, to define a set of modified threat scores. The updated semantic graph is monitored for cyber-security risks within the multiple computer-based entities.
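The update loop the abstract describes, as an added Python example that is not code from the patent or its assignee. The event fields, relation names, severity values and the rule that directly related entities inherit half of an alert's severity are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed event schema: these fields name entities; RELATIONS links fields
# that appear together in one event. None of this comes from the patent.
FIELDS = ("user", "host", "process", "dest_ip")
RELATIONS = [("user", "logged_on", "host"), ("host", "ran", "process"),
             ("process", "connected_to", "dest_ip")]
NEIGHBOUR_SHARE = 0.5  # assumption: related entities inherit half the severity

class SemanticGraph:
    def __init__(self):
        self.tally = defaultdict(int)    # (src, relation, dst) -> times observed
        self.alerts = defaultdict(set)   # entity -> alert names (alert attribute)
        self.score = defaultdict(float)  # entity -> threat score

    @staticmethod
    def decompose(event):
        """Split an event into entity nodes and (src, relation, dst) edges."""
        entities = {f: (f, event[f]) for f in FIELDS if f in event}
        edges = [(entities[a], rel, entities[b]) for a, rel, b in RELATIONS
                 if a in entities and b in entities]
        return entities, edges

    def update(self, event):
        entities, edges = self.decompose(event)
        for edge in edges:
            self.tally[edge] += 1
        alert = event.get("alert")
        if alert and alert["on"] in entities:  # alert applies to a known entity
            target = entities[alert["on"]]
            self.alerts[target].add(alert["name"])
            self.score[target] += alert["severity"]
            for src, _, dst in edges:          # raise directly related entities too
                if target in (src, dst):
                    other = dst if src == target else src
                    self.score[other] += alert["severity"] * NEIGHBOUR_SHARE

    def at_risk(self, threshold):
        """Monitoring pass: entities at or above the threshold, highest first."""
        hits = [(e, s) for e, s in self.score.items() if s >= threshold]
        return sorted(hits, key=lambda item: -item[1])

# Constructed sample events (documentation-range addresses, made-up names)
EVENTS = [
    {"user": "alice", "host": "ws-01", "process": "chrome.exe", "dest_ip": "203.0.113.5"},
    {"user": "alice", "host": "ws-01", "process": "chrome.exe", "dest_ip": "203.0.113.5"},
    {"user": "bob", "host": "ws-02", "process": "updater.exe", "dest_ip": "198.51.100.7",
     "alert": {"name": "suspicious-beacon", "on": "process", "severity": 8}},
]
```

Feeding `EVENTS` through `update()` one at a time and then calling `at_risk()` shows repeated benign activity only raising edge tallies, while the single alerted event raises scores on the process and its directly related host and address.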
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.