Ranking cybersecurity alerts from multiple sources using machine learning
US11956253B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 23, 2021 |
| Grant date | Apr 9, 2024 |
| Priority date | — |
| Expiry date | Jan 25, 2042 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1425
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
The present disclosure relates to a machine-learning system, method, and computer program for ranking security alerts from multiple sources. The system self-learns risk levels associated with alerts by calculating risk probabilities for the alerts based on characteristics of the alerts and historical alert data. In response to receiving a security alert from one of a plurality of alert-generation sources, the alert-ranking system evaluates the security alert with respect to a plurality of feature indicators. The system creates a feature vector for the security alert based on the feature indicator values identified for the alert. The system then calculates a probability that the security alert relates to a cybersecurity risk in the computer network based on the created feature vector and historical alert data in the network. The system ranks alerts from a plurality of different sources based on the calculated cybersecurity risk probabilities.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.