
System for implementing threat detection using threat and risk assessment of asset-actor interactions

  • US 10,050,985 B2
  • Filed: 11/02/2015
  • Issued: 08/14/2018
  • Est. Priority Date: 11/03/2014
  • Status: Active Grant
First Claim

1. A method for performing threat detection in a network comprising:

  • monitoring, by a network security device, communications traffic in the network; and

  • implementing a threat detection system on the network security device, wherein the threat detection system performs the steps of:

      • constructing a predictive model using metadata extracted from the communications traffic, wherein the predictive model is constructed by identifying data for a key asset, generating a dataspace representation for the key asset relative to an actor in the network, and clustering data within the dataspace representation, wherein the predictive model is constructed using at least one of ensemble-based estimation over k-means, Gaussian mixture models, or other statistic estimators;

      • analyzing behaviors in the network relative to the predictive model; and

      • reporting a threat if abnormal behavior is identified.
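The steps of the claim above (cluster a key asset's interaction metadata, compare new behavior to the model, report outliers) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the two features (GB read from the key asset per day, sessions per day), the reading of "ensemble over k-means" as averaging models with k=2 and k=3, the threshold and all sample values are assumptions.

```python
import math

def kmeans(points, k, iters=50):
    """Lloyd's k-means with deterministic farthest-point initialisation."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda i: math.dist(p, cents[i]))].append(p)
        new = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
               for g, c in zip(groups, cents)]
        if new == cents:
            break
        cents = new
    return cents

def nearest(p, cents):
    return min(math.dist(p, c) for c in cents)

def build_model(baseline, ks=(2, 3)):
    """One k-means model per k; each keeps the largest baseline distance as its scale."""
    model = []
    for k in ks:
        cents = kmeans(baseline, k)
        model.append((cents, max(nearest(p, cents) for p in baseline) or 1.0))
    return model

def score(model, p):
    """Ensemble mean of (distance to nearest centroid / baseline scale); <= 1 is in-profile."""
    return sum(nearest(p, cents) / scale for cents, scale in model) / len(model)

def detect(model, observations, threshold=2.0):
    """Return (actor, score) for interactions that sit far outside every cluster."""
    scored = [(actor, score(model, feat)) for actor, feat in observations]
    return [(actor, round(s, 2)) for actor, s in scored if s > threshold]

# Constructed baseline for one key asset: (GB read per day, sessions per day).
# First four rows resemble interactive users, last four a nightly backup job.
BASELINE = [(1.0, 2.0), (1.2, 2.5), (0.9, 1.8), (1.1, 2.2),
            (5.0, 1.0), (5.2, 1.1), (4.9, 0.9), (5.1, 1.0)]
# Constructed new observations, keyed by hypothetical actor names.
OBSERVED = [("alice", (1.1, 2.0)), ("backup-svc", (5.0, 1.1)), ("svc-report", (6.0, 9.0))]
MODEL = build_model(BASELINE)

if __name__ == "__main__":
    for actor, s in detect(MODEL, OBSERVED):
        print(f"THREAT actor={actor} score={s}")
```

In practice the features would need scaling to comparable ranges before clustering, since Euclidean distance otherwise lets the largest-valued feature dominate.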
