Copula optimization method and apparatus for identifying and detecting threats to an enterprise or e-commerce system and other applications
First Claim
1. A method for identifying and detecting threats to an enterprise or e-commerce system, the method comprising:
grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
extracting one or more features from the grouped log lines into one or more features tables;
using one or more statistical models on the one or more features tables to identify statistical outliers; and
for a Copula statistical model, estimating the marginal probability distribution of a feature using a nonparametric kernel density determination using a Gaussian kernel estimation step, said Gaussian kernel estimation step comprising the step of setting a bandwidth of said Gaussian kernel, and further setting said bandwidth using a Scott's rule of thumb bandwidth setting process.
Abstract
Methods and apparatuses employing copula optimization in building multivariate statistical models for identifying and detecting threats to an enterprise or e-commerce system are disclosed, including grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical models on the one or more features tables to identify statistical outliers and using the one or more rules on incoming enterprise or e-commerce system data traffic to detect threats to the enterprise or e-commerce system. Other embodiments are described and claimed.
15 Claims
1. A method for identifying and detecting threats to an enterprise or e-commerce system, the method comprising:
grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
extracting one or more features from the grouped log lines into one or more features tables;
using one or more statistical models on the one or more features tables to identify statistical outliers; and
for a Copula statistical model, estimating the marginal probability distribution of a feature using a nonparametric kernel density determination using a Gaussian kernel estimation step, said Gaussian kernel estimation step comprising the step of setting a bandwidth of said Gaussian kernel, and further setting said bandwidth using a Scott's rule of thumb bandwidth setting process.
(Dependent claims 2, 3, 4 and 5 depend from claim 1; their text is not reproduced on this page.)
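The claim (and the identical First Claim above) describes a pipeline but the page carries no code for it. The following Python is an added illustration written for this page, not the patent holder's implementation: it groups constructed access-log lines by client IP, builds a two-column features table (request count and distinct request paths, chosen here), estimates each marginal with a Gaussian-kernel KDE whose bandwidth follows Scott's rule of thumb, h = s * n**(-1/5), couples the two marginals with a bivariate Gaussian copula, and ranks the groups by negative joint log-density so the least probable group surfaces first. The log format, the grouping key, the two features, the copula family and the scoring rule are this example's assumptions; the claim itself fixes only the KDE marginal, the Gaussian kernel and Scott's rule.

```python
"""Copula-based outlier scoring over features extracted from grouped log lines.

Added example, not the patent's code. Steps: group log lines by a log-line
parameter, extract a features table, fit a Gaussian-kernel KDE marginal per
feature with Scott's rule of thumb bandwidth, couple the marginals with a
bivariate Gaussian copula (this example's choice), score by -log joint density.
"""
import math
import re
from collections import defaultdict
from statistics import NormalDist, stdev

# Constructed Apache-style access log lines (not real traffic): twelve clients
# browse a few paths; 203.0.113.7 sweeps 40 distinct paths (the assumed threat).
PATHS = ["/", "/login", "/cart", "/checkout", "/search"]
LOG_LINES = []
for i in range(12):
    for k in range(3 + i % 6):  # 3..8 requests per client
        LOG_LINES.append(f'198.51.100.{i + 1} - - [10/Oct/2023:13:55:{k:02d} +0000] '
                         f'"GET {PATHS[(i * k) % len(PATHS)]} HTTP/1.1" 200 512')
for k in range(40):
    LOG_LINES.append(f'203.0.113.7 - - [10/Oct/2023:13:56:{k:02d} +0000] '
                     f'"GET /admin/{k} HTTP/1.1" 404 128')

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) '
                     r'[^"]*" (?P<status>\d{3}) (?P<size>\d+)')


def group_log_lines(lines, key="ip"):
    """Step 1: group parsed log lines by one log-line parameter (default: client IP)."""
    groups = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # lines that do not parse are skipped rather than guessed at
            groups[m.group(key)].append(m.groupdict())
    return groups


def extract_features(groups):
    """Step 2: features table {group: [request_count, distinct_paths]} (features chosen here)."""
    return {g: [float(len(rows)), float(len({r["path"] for r in rows}))]
            for g, rows in groups.items()}


def scott_bandwidth(values):
    """Scott's rule of thumb for a 1-D Gaussian kernel: h = s * n**(-1/5), s = sample std dev."""
    n = len(values)
    s = stdev(values) if n > 1 else 0.0
    return max(s * n ** (-0.2), 1e-9)  # a constant feature has s = 0; floor keeps h usable


class GaussianKDE:
    """Step 3: nonparametric marginal, Gaussian kernel with Scott-rule bandwidth."""

    def __init__(self, values):
        self.x = list(values)
        self.h = scott_bandwidth(self.x)
        self.nd = NormalDist()

    def pdf(self, v):
        return sum(self.nd.pdf((v - xi) / self.h) for xi in self.x) / (len(self.x) * self.h)

    def cdf(self, v):
        u = sum(self.nd.cdf((v - xi) / self.h) for xi in self.x) / len(self.x)
        return min(max(u, 1e-12), 1 - 1e-12)  # clip so the probit below stays finite


def _pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = math.sqrt(sum((x - ma) ** 2 for x in a))
    sb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return cov / (sa * sb) if sa and sb else 0.0


def copula_outlier_scores(table):
    """Step 4: KDE marginals + bivariate Gaussian copula; returns {group: -log joint density}."""
    keys = list(table)
    cols = list(zip(*(table[g] for g in keys)))  # one tuple of values per feature
    if len(cols) != 2:
        raise ValueError("this example's copula is bivariate: exactly two features expected")
    kdes = [GaussianKDE(col) for col in cols]
    nd = NormalDist()
    # probability-integral transform through each KDE CDF, then probit -> normal scores
    z = [[nd.inv_cdf(kdes[j].cdf(table[g][j])) for j in range(2)] for g in keys]
    rho = _pearson([r[0] for r in z], [r[1] for r in z])
    rho = max(min(rho, 0.999), -0.999)  # keep the copula covariance non-singular
    q = 1 - rho ** 2
    scores = {}
    for g, (z1, z2) in zip(keys, z):
        log_c = -0.5 * math.log(q) - (rho ** 2 * (z1 ** 2 + z2 ** 2) - 2 * rho * z1 * z2) / (2 * q)
        log_marg = sum(math.log(kdes[j].pdf(table[g][j])) for j in range(2))
        scores[g] = -(log_c + log_marg)  # large = improbable under the fitted model
    return scores


def rank_outliers(lines):
    """End to end: log lines -> [(group, score), ...], most anomalous first."""
    scores = copula_outlier_scores(extract_features(group_log_lines(lines)))
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for ip, score in rank_outliers(LOG_LINES)[:3]:
        print(f"{ip:16s} score={score:.2f}")
```

Two practical caveats follow from the claim's choice of Scott's rule. The rule scales the bandwidth by the sample standard deviation, so an outlier that is present in the fitting sample inflates s and therefore h, over-smoothing the marginal of the very feature that should expose it; in deployment the marginals and the copula correlation are fitted on a baseline window and new traffic is scored against that fit rather than refitting on the scored data. Second, a Gaussian copula models only the linear dependence of the normal scores and has no tail dependence, so two features that co-move only during attacks are not captured by it.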
6. A system for identifying and detecting threats to an enterprise or e-commerce system, comprising:
a processor memory for storing instructions for identifying and detecting threats to an enterprise or e-commerce system;
a computer processor for executing said instructions for identifying and detecting threats to an enterprise or e-commerce system, said instructions comprising:
instructions for grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
instructions for extracting one or more features from the grouped log lines into one or more features tables;
instructions for using one or more statistical models on the one or more features tables to identify statistical outliers; and
instructions for applying a Copula statistical model for estimating the marginal probability distribution of a feature using a nonparametric kernel density determination using a Gaussian kernel estimation step, said Gaussian kernel estimation step comprising the step of setting a bandwidth of said Gaussian kernel, and further setting said bandwidth using a Scott's rule of thumb bandwidth setting process.
(Dependent claims 7, 8, 9 and 10 depend from claim 6; their text is not reproduced on this page.)
11. A networked enterprise or e-commerce system comprising a threat detection and identification system for identifying and detecting threats to a plurality of computing systems of the networked enterprise or e-commerce system, wherein the plurality of computing systems are networked over a common communications network for communicating with one another in a secure computing environment, wherein the threat detection and identification system comprises:
a processor memory for storing instructions for identifying and detecting threats to an enterprise or e-commerce system;
a computer processor for executing said instructions for identifying and detecting threats to an enterprise or e-commerce system, said instructions comprising:
instructions for grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
instructions for extracting one or more features from the grouped log lines into one or more features tables;
instructions for using one or more statistical models on the one or more features tables to identify statistical outliers; and
instructions for applying a Copula statistical model for estimating the marginal probability distribution of a feature using a nonparametric kernel density determination using a Gaussian kernel estimation step, said Gaussian kernel estimation step comprising the step of setting a bandwidth of said Gaussian kernel, and further setting said bandwidth using a Scott's rule of thumb bandwidth setting process.
(Dependent claims 12, 13, 14 and 15 depend from claim 11; their text is not reproduced on this page.)