Anomaly detection in enterprise threat detection

US 10,552,605 B2
Filed: 12/16/2016
Issued: 02/04/2020
Est. Priority Date: 12/16/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

defining a selection of data types from available log data for an evaluation of events associated with an entity;

defining one or more evaluations associated with the entity;

generating reference data from the selection of data types based on the one or more defined evaluations;

grouping the one or more evaluations into a pattern;

defining a polygon for the entity based on values of one or more evaluations associated with the entity;

defining a two-dimensional (2D) coordinate system for calculating an area of a polygon placed into the 2D coordinate system and coordinates of a centroid of the calculated area of the polygon in the 2D coordinate system; and

initializing for display in a graphical user interface a three dimensional (3D) score diversity diagram visualization, wherein a point representing the entity in the visualization is localized in 3D space at a coordinate based on 2D coordinates in the 2D coordinate system of the centroid of the calculated area of the polygon placed into the 2D coordinate system and defined by the values of the one or more evaluations associated with the entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A selection of data types is defined from available log data for an evaluation of events associated with an entity. One or more evaluations associated with the entity are defined and reference data is generated from the selection of data types based on the one or more defined evaluations. The one or more evaluations are grouped into a pattern. A three dimensional (3D) score diversity diagram visualization is initialized for display in a graphical user interface, where a point representing the entity in the visualization is localized in 3D space at a coordinate based on two-dimensional (2D) coordinates in a 2D coordinate system of a centroid of the calculated area of a polygon placed to into the 2D coordinate system and defined by the values of each evaluation associated with the entity.

199 Citations

15 Claims

1. A computer-implemented method, comprising:
- defining a selection of data types from available log data for an evaluation of events associated with an entity;
  
  defining one or more evaluations associated with the entity;
  
  generating reference data from the selection of data types based on the one or more defined evaluations;
  
  grouping the one or more evaluations into a pattern;
  
  defining a polygon for the entity based on values of one or more evaluations associated with the entity;
  
  defining a two-dimensional (2D) coordinate system for calculating an area of a polygon placed into the 2D coordinate system and coordinates of a centroid of the calculated area of the polygon in the 2D coordinate system; and
  
  initializing for display in a graphical user interface a three dimensional (3D) score diversity diagram visualization, wherein a point representing the entity in the visualization is localized in 3D space at a coordinate based on 2D coordinates in the 2D coordinate system of the centroid of the calculated area of the polygon placed into the 2D coordinate system and defined by the values of the one or more evaluations associated with the entity.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, further comprising calculating the area of the polygon in the 2D coordinate system.
  - 3. The computer-implemented method of claim 2, further comprising calculating the centroid coordinate of the calculated area of the polygon in the 2D coordinate system.
  - 4. The computer-implemented method of claim 3, further comprising defining a 3D coordinate system, where the axes of the 3D coordinate system include the 2D coordinates of the calculated centroid of the calculated area of the polygon and the calculated area of the polygon.
  - 5. The computer implemented method of claim 4, further comprising plotting a point representing the entity in the 3D coordinate system using the values of the 2D coordinates of the calculated centroid of the calculated area of the polygon and the calculated area of the polygon.

6. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- defining a selection of data types from available log data for an evaluation of events associated with an entity;
  
  defining one or more evaluations associated with the entity;
  
  generating reference data from the selection of data types based on the one or more defined evaluations;
  
  grouping the one or more evaluations into a pattern;
  
  defining a polygon for the entity based on values of one or more evaluations associated with the entity;
  
  defining a two-dimensional (2D) coordinate system for calculating an area of a polygon placed into the 2D coordinate system and coordinates of a centroid of the calculated area of the polygon in the 2D coordinate system; and
  
  initializing for display in a graphical user interface a three dimensional (3D) score diversity diagram visualization, wherein a point representing the entity in the visualization is localized in 3D space at a coordinate based on 2D coordinates in the 2D coordinate system of the centroid of the calculated area of the polygon placed into the 2D coordinate system and defined by the values of the one or more evaluations associated with the entity.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory, computer-readable medium of claim 6, further comprising one or more instructions to calculate the area of the polygon in the 2D coordinate system.
  - 8. The non-transitory, computer-readable medium of claim 7, further comprising one or more instructions to calculate the centroid coordinate of the calculated area of the polygon in the 2D coordinate system.
  - 9. The non-transitory, computer-readable medium of claim 8, further comprising one or more instructions to define a 3D coordinate system, where the axes of the 3D coordinate system include the 2D coordinates of the calculated centroid of the calculated area of the polygon and the calculated area of the polygon.
  - 10. The non-transitory, computer-readable medium of claim 9, further comprising one or more instructions to plot a point representing the entity in the 3D coordinate system using the values of the 2D coordinates of the calculated centroid of the calculated area of the polygon and the calculated area of the polygon.

11. A computer-implemented system, comprising:
- a computer memory; and
  
  a hardware processor interoperably coupled with the computer memory and configured to perform operations comprising;
  
  defining a selection of data types from available log data for an evaluation of events associated with an entity;
  
  defining one or more evaluations associated with the entity;
  
  generating reference data from the selection of data types based on the one or more defined evaluations;
  
  grouping the one or more evaluations into a pattern;
  
  defining a polygon for the entity based on values of one or more evaluations associated with the entity;
  
  defining a two-dimensional (2D) coordinate system for calculating an area of a polygon placed into the 2D coordinate system and coordinates of a centroid of the calculated area of the polygon in the 2D coordinate system; and
  
  initializing for display in a graphical user interface a three dimensional (3D) score diversity diagram visualization, wherein a point representing the entity in the visualization is localized in 3D space at a coordinate based on 2D coordinates in the 2D coordinate system of the centroid of the calculated area of the polygon placed into the 2D coordinate system and defined by the values of the one or more evaluations associated with the entity.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-implemented system of claim 11, further configured to calculate the area of the polygon in the 2D coordinate system.
  - 13. The computer-implemented system of claim 12, further configured to calculate the centroid coordinate of the calculated area of the polygon in the 2D coordinate system.
  - 14. The computer-implemented system of claim 13, further configured to define a 3D coordinate system, where the axes of the 3D coordinate system include the 2D coordinates of the calculated centroid of the calculated area of the polygon and the calculated area of the polygon.
  - 15. The computer-implemented system of claim 14, further configured to plot a point representing the entity in the 3D coordinate system using the values of the 2D coordinates of the calculated centroid of the calculated area of the polygon and the calculated area of the polygon.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Hassforther, Jona, Baumgart, Jens, Menke, Thorsten, Guzman, Volker, Kraemer, Florian, Jacobi, Anne, Lam, Thanh-Phong, Al-Hujaj, Omar-Alexander, Nos, Kathrin
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/382,056
Publication Number

US 20180173873A1
Time in Patent Office

1,145 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06T 11/206   Drawing of charts or graphs

G06T 2200/24   involving graphical user in...

Anomaly detection in enterprise threat detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

199 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Anomaly detection in enterprise threat detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

199 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others