Cyber security event detection

  • US 10,397,259 B2
  • Filed: 03/23/2017
  • Issued: 08/27/2019
  • Est. Priority Date: 03/23/2017
  • Status: Active Grant
First Claim

1. A system for detecting cyber security events comprising:

  • a memory device; and

    a hardware processor to:

    generate a first set of a plurality of time series and aggregate statistics based on a plurality of properties corresponding to user actions for each user in a set of users;

    separate the set of users into a plurality of clusters based on the first set of the plurality of time series or the aggregate statistics for each user;

    assign an identifier to each of the plurality of clusters;

    generate a second set of a plurality of time series based on properties of the plurality of clusters, wherein the properties of a cluster correspond to a membership, a diameter, and a centroid, the centroid to be calculated for each of the plurality of clusters based on the first set of plurality of time series and the aggregate statistics for each user of each cluster;

    detect an anomaly based on a new value stored in the second set of plurality of time series; and

    execute a prevention instruction in response to detecting the anomaly.
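
The steps of claim 1 can be followed end to end in a small sketch. This is an added illustration, not the patent's implementation or the assignee's code: the use of k-means, nearest-centroid daily assignment, a z-score threshold with a 5% floor, centroid drift as the scalar tracked for the centroid, the `prevent` callback, and all user names and numbers are assumptions constructed for the example.

```python
import math
from statistics import mean, pstdev

def centroid(pts):
    return tuple(mean(col) for col in zip(*pts))

def nearest(p, cents):
    return min(range(len(cents)), key=lambda i: math.dist(p, cents[i]))

def kmeans(pts, k, iters=10):
    cents = [pts[0]]
    while len(cents) < k:  # farthest-point init: deterministic for the demo
        cents.append(max(pts, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        groups = [[p for p in pts if nearest(p, cents) == i] for i in range(k)]
        cents = [centroid(g) if g else c for g, c in zip(groups, cents)]
    return cents  # list index = cluster identifier

def cluster_series(days, cents):
    """Second set of time series: per cluster id, one (membership, diameter, centroid drift) row per day."""
    series = {cid: [] for cid in range(len(cents))}
    for day_vals in days:
        groups = {cid: [] for cid in series}
        for vec in day_vals.values():
            groups[nearest(vec, cents)].append(vec)
        for cid, g in groups.items():
            diam = max((math.dist(a, b) for a in g for b in g), default=0.0)
            drift = math.dist(centroid(g), cents[cid]) if g else 0.0
            series[cid].append((len(g), diam, drift))
    return series

def detect(baseline, new_day, cents, prevent, z=3.0):
    hist, new = cluster_series(baseline, cents), cluster_series([new_day], cents)
    alerts = []
    for cid in hist:
        for idx, prop in enumerate(("membership", "diameter", "centroid_drift")):
            past = [row[idx] for row in hist[cid]]
            mu, sd = mean(past), pstdev(past)
            # Assumed floor of 5% of the mean so a flat history still yields a threshold.
            if abs(new[cid][0][idx] - mu) > z * max(sd, 0.05 * abs(mu), 1e-9):
                alerts.append((cid, prop))
                prevent(cid, prop)  # stand-in for the claim's "prevention instruction"
    return alerts

# Constructed data: (logins, MB sent) per user per day; u* are office users, s* service accounts.
BASE = {"u1": (5, 20), "u2": (6, 22), "u3": (4, 18), "s1": (50, 200), "s2": (52, 210), "s3": (48, 190)}
def day(d):
    return {u: (l + (d + i) % 3, mb + 2 * ((d + i) % 4)) for i, (u, (l, mb)) in enumerate(BASE.items())}
BASELINE = [day(d) for d in range(6)]
# First set: per-user time series, reduced to aggregate statistics (per-property mean).
AGGREGATES = [centroid([d[u] for d in BASELINE]) for u in BASE]
CENTS = kmeans(AGGREGATES, k=2)
ATTACK_DAY = {**day(6), "u3": (6, 900)}  # constructed: u3 suddenly sends 900 MB
```

Calling `detect(BASELINE, ATTACK_DAY, CENTS, prevent)` flags both clusters: the outlier no longer sits near its usual centroid, so one cluster loses a member while the other gains one and its diameter and centroid shift sharply.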
