Unstructured security threat information analysis

US 10,063,573 B2
Filed: 02/13/2017
Issued: 08/28/2018
Est. Priority Date: 08/29/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:

receiving unstructured textual data;

parsing the unstructured textual data into a plurality of sections including a first section and a second section that is a different section in the unstructured textual data than the first section;

for each section in the plurality of sections;

identifying one or more keywords in data for the section in the plurality of sections;

determining one or more patterns that match the section using the identified one or more keywords; and

identifying one or more intelligence types that correspond to the section using the determined one or more patterns;

associating, for a first intelligence type from the identified one or more intelligence types for the first section, the data for the first section from the unstructured textual data with the first intelligence type;

associating, for a second intelligence type from the identified one or more intelligence types for the second section, the data for the second section from the unstructured textual data with the second intelligence type, wherein the second intelligence type is a different intelligence type than the first intelligence type;

determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;

determining that the first intelligence type is the particular intelligence type; and

providing the data for the first section to a system of the third party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.

Citations

20 Claims

1. A system comprising one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
- receiving unstructured textual data;
  
  parsing the unstructured textual data into a plurality of sections including a first section and a second section that is a different section in the unstructured textual data than the first section;
  
  for each section in the plurality of sections;
  
  identifying one or more keywords in data for the section in the plurality of sections;
  
  determining one or more patterns that match the section using the identified one or more keywords; and
  
  identifying one or more intelligence types that correspond to the section using the determined one or more patterns;
  
  associating, for a first intelligence type from the identified one or more intelligence types for the first section, the data for the first section from the unstructured textual data with the first intelligence type;
  
  associating, for a second intelligence type from the identified one or more intelligence types for the second section, the data for the second section from the unstructured textual data with the second intelligence type, wherein the second intelligence type is a different intelligence type than the first intelligence type;
  
  determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
  
  determining that the first intelligence type is the particular intelligence type; and
  
  providing the data for the first section to a system of the third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, the operations comprising:
    - determining that none of the rules for the third party indicates that the third party should receive data associated with the second intelligence type; and
      
      determining to not provide data for the second section to the system of the third party in response to determining that none of the rules for the third party indicates that the third party should receive data associated with the second intelligence type.
  - 3. The system of claim 1, wherein providing the data for the first section to a system for the third party is responsive to determining the rule for the third party that indicates that the third party should receive data associated with the particular intelligence type of the one or more intelligence types and determining that the first intelligence types is the particular intelligence type.
  - 4. The system of claim 3, wherein providing the data for the first section to the system for the third party comprises providing instructions to the system for the third party for presentation of the data for the first section.
  - 5. The system of claim 1, wherein each of the plurality of sections comprises a sentence.
  - 6. The system of claim 1, wherein each of the plurality of sections comprises a paragraph.
  - 7. The system of claim 1, wherein associating, for the first intelligence type, the data for the first section from the unstructured textual data with the first intelligence type comprises storing, in a database, at least one new record specific to the first intelligence type that comprises the data for the first section.
  - 8. The system of claim 1, wherein identifying the one or more intelligence types that correspond to the section using the determined one or more patterns comprises:
    - determining one or more rules using the one or more patterns; and
      
      identifying the one or more intelligence types that correspond to the section using the one or more rules.

9. A non-transitory computer storage medium encoded with instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
- receiving unstructured textual data;
  
  parsing the unstructured textual data into a plurality of sections including a first section and a second section that is a different section in the unstructured textual data than the first section;
  
  for each section in the plurality of sections;
  
  identifying one or more keywords in data for the section in the plurality of sections;
  
  determining one or more patterns that match the section using the identified one or more keywords; and
  
  identifying one or more intelligence types that correspond to the section using the determined one or more patterns;
  
  associating, for a first intelligence type from the identified one or more intelligence types for the first section, the data for the first section from the unstructured textual data with the first intelligence type;
  
  associating, for a second intelligence type from the identified one or more intelligence types for the second section, the data for the second section from the unstructured textual data with the second intelligence type, wherein the second intelligence type is a different intelligence type than the first intelligence type;
  
  determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
  
  determining that the first intelligence type is the particular intelligence type; and
  
  providing the data for the first section to a system of the third party.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer storage medium of claim 9, the operations comprising:
    - determining that none of the rules for the third party indicates that the third party should receive data associated with the second intelligence type; and
      
      determining to not provide data for the second section to the system of the third party in response to determining that none of the rules for the third party indicates that the third party should receive data associated with the second intelligence type.
  - 11. The computer storage medium of claim 9, wherein providing the data for the first section to a system for the third party is responsive to determining the rule for the third party that indicates that the third party should receive data associated with the particular intelligence type of the one or more intelligence types and determining that the first intelligence types is the particular intelligence type.
  - 12. The computer storage medium of claim 11, wherein providing the data for the first section to the system for the third party comprises providing instructions to the system for the third party for presentation of the data for the first section.
  - 13. The computer storage medium of claim 9, wherein each of the plurality of sections comprises a sentence.
  - 14. The computer storage medium of claim 9, wherein each of the plurality of sections comprises a paragraph.
  - 15. The computer storage medium of claim 9, wherein associating, for the first intelligence type, the data for the first section from the unstructured textual data with the first intelligence type comprises storing, in a database, at least one new record specific to the first intelligence type that comprises the data for the first section.
  - 16. The computer storage medium of claim 9, wherein identifying the one or more intelligence types that correspond to the section using the determined one or more patterns comprises:
    - determining one or more rules using the one or more patterns; and
      
      identifying the one or more intelligence types that correspond to the section using the one or more rules.

17. A computer-implemented method comprising:
- receiving unstructured textual data;
  
  parsing the unstructured textual data into a plurality of sections including a first section and a second section that is a different section in the unstructured textual data than the first section;
  
  for each section in the plurality of sections;
  
  identifying one or more keywords in data for the section in the plurality of sections;
  
  determining one or more patterns that match the section using the identified one or more keywords; and
  
  identifying one or more intelligence types that correspond to the section using the determined one or more patterns;
  
  associating, for a first intelligence type from the identified one or more intelligence types for the first section, the data for the first section from the unstructured textual data with the first intelligence type;
  
  associating, for a second intelligence type from the identified one or more intelligence types for the second section, the data for the second section from the unstructured textual data with the second intelligence type, wherein the second intelligence type is a different intelligence type than the first intelligence type;
  
  determining a rule for a third party that indicates that the third party should receive data associated with a particular intelligence type of the one or more intelligence types;
  
  determining that the first intelligence type is the particular intelligence type; and
  
  providing the data for the first section to a system of the third party.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, comprising:
    - determining that none of the rules for the third party indicates that the third party should receive data associated with the second intelligence type; and
      
      determining to not provide data for the second section to the system of the third party in response to determining that none of the rules for the third party indicates that the third party should receive data associated with the second intelligence type.
  - 19. The method of claim 17, wherein providing the data for the first section to a system for the third party is responsive to determining the rule for the third party that indicates that the third party should receive data associated with the particular intelligence type of the one or more intelligence types and determining that the first intelligence types is the particular intelligence type.
  - 20. The method of claim 19, wherein providing the data for the first section to the system for the third party comprises providing instructions to the system for the third party for presentation of the data for the first section.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Hovor, Elvis, Modi, Shimon, Sengupta, Shubhashis, Ramnani, Roshni Ramesh, Mohamedrasheed, Annervaz Karukapadath
Primary Examiner(s)
Pham, Hung Q

Application Number

US15/430,713
Publication Number

US 20170155671A1
Time in Patent Office

561 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/3344   using natural language anal...

G06F 16/338   Presentation of query results

G06F 21/55   Detecting local intrusion o...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/53   using third party service p...

Unstructured security threat information analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Unstructured security threat information analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links