Computer-implemented process and system employing outlier score detection for identifying and detecting scenario-specific data elements from a dynamic data source
First Claim
1. A method for identifying and detecting scenario-specific data elements from a dynamic data source, comprising threats to an enterprise or e-commerce system, the method comprising:
- grouping scenario-specific data elements into grouped log lines, the scenario-specific data elements belonging to one or more scenario-specific data element parameters from one or more dynamic data sources and/or from incoming data traffic to the one or more dynamic data sources;
- extracting one or more features from the grouped log lines into one or more features tables, said features formed using a feature generator associated with the dynamic data sources;
- using one or more statistical models on the one or more features tables to identify statistical outliers;
- identifying said statistical outliers for further investigation by a human security analyst using a combination of outlier detection modules, coordinating output from said combination of a plurality of outlier detection modules, at least a subset of said outlier detection modules operating an outlier detection algorithm distinct from the outlier detection algorithms operating on other outlier detection modules within said combination of outlier detection modules;
- using the one or more features tables to create one or more adaptive rules for performing at least one of:
  - further refining statistical models for identification of statistical outliers; and
  - preventing access by categorized threats to the dynamic data sources,
wherein the method results in improved security to the enterprise or e-commerce system.
Abstract
Methods and apparatuses employing outlier score detection method and apparatus for identifying and detecting threats to an enterprise or e-commerce system are disclosed, including grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical models on the one or more features tables to identify statistical outliers; using the one or more features tables to create one or more rules for identifying threats to the enterprise or e-commerce system; and using the one or more rules on incoming enterprise or e-commerce system data traffic to detect threats to the enterprise or e-commerce system. Other embodiments are described and claimed.
20 Claims
19. An apparatus for identifying and detecting threats to an enterprise or e-commerce system, the apparatus comprising:
- one or more hardware processors;
- system memory coupled to the one or more hardware processors;
- one or more non-transitory memory units coupled to the one or more hardware processors; and
- threat identification and detection code stored on the one or more non-transitory memory units that, when executed by the one or more hardware processors, is configured to perform a method which results in improved security to the enterprise or e-commerce system, the method comprising:
  - grouping scenario-specific data elements into grouped log lines, said scenario-specific data elements belonging to one or more scenario-specific data element parameters from one or more dynamic data sources and/or from incoming data traffic to the dynamic data sources;
  - extracting one or more features from the grouped log lines into one or more features tables, said features formed using a feature generator associated with the dynamic data sources;
  - using one or more statistical models on the one or more features tables to identify statistical outliers;
  - identifying said statistical outliers for further investigation by a human security analyst using a combination of outlier detection modules, coordinating output from said combination of a plurality of outlier detection modules, at least a subset of said outlier detection modules operating an outlier detection algorithm distinct from the outlier detection algorithms operating on other outlier detection modules within said combination of outlier detection modules; and
  - using the one or more features tables to create one or more adaptive rules for performing at least one of:
    - further refining statistical models for identification of statistical outliers; and
    - preventing access by categorized threats to the dynamic data sources.
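The pipeline the abstract and claims describe (group log lines by a log-line parameter, extract a features table, score it with several outlier detection modules that run distinct algorithms, coordinate their output into a queue for a human analyst, and derive an adaptive rule from the result) is shown below as an added, self-contained example. It is illustration code written for this page, not the patent's own implementation. The log format, the choice of client address as the grouping parameter, the three features (request count, distinct paths, error ratio), the three detectors (mean/std z-score, median/MAD robust score, k-nearest-neighbour distance), the max-normalised score averaging used to coordinate them, the 0.5 escalation threshold and the "every flagged group exceeds every unflagged group" rule derivation are all assumptions made for the example; the log lines are constructed.

```python
"""Outlier-score pipeline over grouped log lines: group -> features table ->
several distinct detectors -> coordinated score -> analyst queue -> adaptive rule.
Illustration written for this page; it is not the patent's implementation."""
import math
from collections import defaultdict
from statistics import mean, median, pstdev

FEATURE_NAMES = ("requests", "distinct_paths", "error_ratio")

# Constructed sample log lines (not real traffic): "<seq> <client> <method> <path> <status>".
LOG_LINES = []
for i, client in enumerate(["10.0.0.1", "10.0.0.2", "10.0.0.3",
                            "10.0.0.4", "10.0.0.5", "10.0.0.6"]):
    for j in range(5 + i % 3):          # ordinary clients: a few requests, all 200
        LOG_LINES.append(f"{j} {client} GET /product/{j % 3} 200")
for j in range(30):                     # one client hitting many distinct paths, mostly 404
    LOG_LINES.append(f"{j} 10.0.0.9 GET /admin/{j} {'200' if j % 5 == 0 else '404'}")


def group_log_lines(lines, key="client"):
    """Group parsed log lines by one log-line parameter (assumed here: the client)."""
    groups = defaultdict(list)
    for line in lines:
        _seq, client, method, path, status = line.split()
        rec = {"client": client, "method": method, "path": path, "status": int(status)}
        groups[rec[key]].append(rec)
    return groups


def extract_features(groups):
    """Features table: one row per group, columns in FEATURE_NAMES order."""
    table = {}
    for name, recs in groups.items():
        errors = sum(1 for r in recs if r["status"] >= 400)
        table[name] = [len(recs), len({r["path"] for r in recs}), errors / len(recs)]
    return table


def _column(table, i):
    return [row[i] for row in table.values()]


def zscore_detector(table):
    """Module 1: largest |z| across features, using mean and population std."""
    stats = [(mean(c), pstdev(c) or 1.0)
             for c in (_column(table, i) for i in range(len(FEATURE_NAMES)))]
    return {n: max(abs((v - m) / s) for v, (m, s) in zip(row, stats))
            for n, row in table.items()}


def mad_detector(table):
    """Module 2: robust score from median and median absolute deviation
    (falls back to mean absolute deviation when the MAD collapses to zero)."""
    stats = []
    for i in range(len(FEATURE_NAMES)):
        col = _column(table, i)
        med = median(col)
        dev = [abs(v - med) for v in col]
        stats.append((med, median(dev) or mean(dev) or 1.0))
    return {n: max(0.6745 * abs(v - m) / s for v, (m, s) in zip(row, stats))
            for n, row in table.items()}


def knn_detector(table, k=2):
    """Module 3: mean Euclidean distance to the k nearest rows in standardised space."""
    stats = [(mean(c), pstdev(c) or 1.0)
             for c in (_column(table, i) for i in range(len(FEATURE_NAMES)))]
    z = {n: [(v - m) / s for v, (m, s) in zip(row, stats)] for n, row in table.items()}
    scores = {}
    for n, p in z.items():
        dists = sorted(math.dist(p, q) for other, q in z.items() if other != n)
        scores[n] = mean(dists[:k]) if dists else 0.0
    return scores


def coordinate(table, detectors, threshold=0.5):
    """Coordinate the modules: max-normalise each module's scores, average them,
    and queue every group at or above the threshold for analyst review."""
    per_detector = []
    for det in detectors:
        s = det(table)
        top = max(s.values()) or 1.0
        per_detector.append({n: v / top for n, v in s.items()})
    combined = {n: mean(d[n] for d in per_detector) for n in table}
    flagged = sorted((n for n, v in combined.items() if v >= threshold),
                     key=combined.get, reverse=True)
    return combined, flagged


def derive_rule(table, flagged):
    """Adaptive rule from the features table: a feature becomes a '> threshold' test
    when every flagged group exceeds every unflagged group on it (assumed policy)."""
    unflagged = [table[n] for n in table if n not in flagged]
    if not flagged or not unflagged:
        return None
    rule = {}
    for i, fname in enumerate(FEATURE_NAMES):
        lo = min(table[n][i] for n in flagged)
        hi = max(r[i] for r in unflagged)
        if lo > hi:
            rule[fname] = hi
    return rule or None


def rule_matches(rule, features):
    """Apply a derived rule to a new group's feature row (all included tests must hold)."""
    return bool(rule) and all(features[FEATURE_NAMES.index(f)] > t for f, t in rule.items())


def run(lines=LOG_LINES):
    table = extract_features(group_log_lines(lines))
    combined, flagged = coordinate(table, [zscore_detector, mad_detector, knn_detector])
    return table, combined, flagged, derive_rule(table, flagged)


if __name__ == "__main__":
    table, combined, flagged, rule = run()
    for n in sorted(table, key=combined.get, reverse=True):
        print(f"{n:10} {table[n]} combined={combined[n]:.2f}")
    print("queued for analyst review:", flagged)
    print("adaptive rule:", rule)
```

The point of running three modules with different algorithms is that each fails differently: with only seven groups the z-score is capped at about 2.4 by the sample size, the MAD scale collapses to zero on a feature most groups share, and the nearest-neighbour distance depends on standardisation. Averaging their normalised scores keeps a group that only one module finds unusual below the escalation threshold, while a group all three agree on scores 1.0. The derived rule only includes features on which the flagged set is cleanly separable from the rest, so it can be reviewed before it is used to refine the models or to block categorised threats.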