Patent · US Active

Systems and methods for classifying malicious network events

US9306962B1 · kind B1 · utility

Cited by: 79
References: 0
Claims: 20
Family size: 0

Assignee

Inventor

Key dates

Filing date: Jul 24, 2014
Grant date: Apr 5, 2016
Priority date:
Expiry date: Jul 24, 2034

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/34
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A system for classifying events on a computer network includes an event clustering engine for receiving event and log data related to identifiable actors from a security information and event management (SIEM) or log management module and selecting behavioral groupings of the event and log data. An affinity-based feature generation module assigns a value to each identifiable actor based on occurrences within predetermined time intervals of the identifiable actors having the selected behavioral grouping. A time-based weighting decay module applies a time decaying function to the assigned values for each identifiable actor. A feature engineering storage module stores information relating to the identifiable actors and their associated time-decayed values. A machine learning module generates a prediction model based on information received from the event clustering engine and the time-based weighting decay module, and the prediction model is utilized by a prediction engine on a computer to predict and classify received event and log data as malicious or non-malicious.
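The abstract describes a pipeline (behavioural grouping selection, per-interval affinity counts per actor, time-decayed weighting, a feature store, and a learned classifier). The following Python is an added illustration of that pipeline and is not the patent's own implementation or claimed method. It assumes: constructed SIEM-style events (actor, timestamp, grouping); the selected groupings are passed in directly rather than produced by a clustering engine; the time-decaying function is exponential with a configurable half-life measured in intervals; and the machine learning module is stood in for by a small logistic regression fitted with gradient descent on constructed labels. The patent does not specify any of these choices.

```python
import math
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample SIEM/log events (not from the patent): (actor, UTC timestamp, behavioural grouping).
SAMPLE_EVENTS = [
    ("10.0.0.5", "2024-01-01T00:10:00Z", "auth_failure"),
    ("10.0.0.5", "2024-01-01T00:20:00Z", "auth_failure"),
    ("10.0.0.5", "2024-01-01T00:30:00Z", "auth_failure"),
    ("10.0.0.5", "2024-01-01T03:15:00Z", "auth_failure"),
    ("10.0.0.5", "2024-01-01T03:40:00Z", "port_scan"),
    ("10.0.0.9", "2024-01-01T01:05:00Z", "auth_failure"),
    ("10.0.0.9", "2024-01-01T02:30:00Z", "dns_query"),  # not a selected grouping; ignored
]
SELECTED_GROUPINGS = ("auth_failure", "port_scan")  # assumed stand-in for the clustering engine's selection
INTERVAL_SECONDS = 3600       # assumed predetermined time interval: one hour
HALF_LIFE_INTERVALS = 2.0     # assumed decay parameter: a value halves every two intervals
NOW = "2024-01-01T04:00:00Z"  # evaluation time for the constructed sample


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def interval_index(ts, interval_seconds=INTERVAL_SECONDS):
    """Map a timestamp to the index of the fixed-width interval containing it."""
    return int(ts.timestamp() // interval_seconds)


def affinity_counts(events, groupings, interval_seconds=INTERVAL_SECONDS):
    """Affinity-based feature generation: per actor and grouping, count events in each interval."""
    counts = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for actor, ts, grouping in events:
        if grouping not in groupings:
            continue
        counts[actor][grouping][interval_index(parse_ts(ts), interval_seconds)] += 1
    return counts


def time_decayed_value(bucket_counts, now_index, half_life=HALF_LIFE_INTERVALS):
    """Time-based weighting decay (assumed exponential): weight each interval's count by 0.5 ** (age / half_life)."""
    return sum(n * 0.5 ** ((now_index - idx) / half_life) for idx, n in bucket_counts.items())


def build_features(events, groupings, now, interval_seconds=INTERVAL_SECONDS, half_life=HALF_LIFE_INTERVALS):
    """Feature store contents: actor -> {grouping: time-decayed affinity value}."""
    now_index = interval_index(parse_ts(now), interval_seconds)
    counts = affinity_counts(events, groupings, interval_seconds)
    return {actor: {g: time_decayed_value(per_g.get(g, {}), now_index, half_life) for g in groupings}
            for actor, per_g in counts.items()}


def train_logistic(rows, labels, groupings, epochs=500, lr=0.5):
    """Stand-in for the machine learning module: logistic regression fitted by plain gradient descent."""
    w = {g: 0.0 for g in groupings}
    b = 0.0
    for _ in range(epochs):
        for x, y in zip(rows, labels):
            z = b + sum(w[g] * x[g] for g in groupings)
            p = 1.0 / (1.0 + math.exp(-z))
            err = p - y
            for g in groupings:
                w[g] -= lr * err * x[g]
            b -= lr * err
    return w, b


def predict(model, features, groupings):
    """Prediction engine: classify an actor's feature vector as malicious or non-malicious."""
    w, b = model
    z = b + sum(w[g] * features[g] for g in groupings)
    return "malicious" if z > 0 else "non-malicious"


def demo():
    feats = build_features(SAMPLE_EVENTS, SELECTED_GROUPINGS, NOW)
    # Constructed training labels for the two sample actors (analyst ground truth in a real deployment).
    labels = {"10.0.0.5": 1, "10.0.0.9": 0}
    actors = sorted(labels)
    model = train_logistic([feats[a] for a in actors], [labels[a] for a in actors], SELECTED_GROUPINGS)
    return {a: predict(model, feats[a], SELECTED_GROUPINGS) for a in actors}


if __name__ == "__main__":
    for actor, verdict in demo().items():
        print(actor, verdict)
```

With the sample above, the three early failures from 10.0.0.5 are four intervals old at NOW and count 0.25 each, while its recent failure and scan are one interval old and count about 0.71 each; the lone benign failure from 10.0.0.9 decays to about 0.35. The decay parameter is the practitioner's main lever here: a short half-life makes the features forget slow, low-rate activity, while a long one lets old bursts keep an actor flagged.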

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.