Methods and systems for analyzing cybersecurity threats
First Claim
1. A method of analyzing cybersecurity threats comprising:
performing processing associated with receiving, with an analysis module of a processor, log data from a network node;
performing processing associated with identifying, with the analysis module, a statistical outlier within the log data using Tailjumps, the identifying comprising:
transforming the log data into community data indicative of a network structure, identifying a plurality of communications between nodes in the community data, and identifying the statistical outlier within the plurality of communications;
generating a behavioral graph model using the log data, determining a best fit line for a characteristic of the behavioral graph model, and identifying a data point at or beyond a predetermined distance from the best fit line as the statistical outlier;
or analyzing text data in the log data using a language processing algorithm to identify the statistical outlier;
or a combination thereof; and
performing processing associated with determining, with the analysis module, that the statistical outlier represents a cybersecurity threat by applying a Janus machine learning algorithm to provide a prediction about the novelty of the statistical outlier, wherein the Janus machine learning algorithm categorizes the statistical outlier into classes, wherein the classes are separated by a security threat decision boundary, and wherein the classes comprise:
a forward class that is a most probable security threat class, a do not send class that is a least probable security threat class, and an unknown class for entities that are on the security threat decision boundary;
performing processing associated with forwarding statistical outliers categorized as unknown for additional analysis;
performing processing associated with updating the security threat decision boundary based on analyst input; and
performing processing associated with repeating the categorizing for the statistical outliers categorized as unknown with an updated security threat decision boundary.
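As an added example (not code from the patent, which this page does not include), the following Python realizes the best-fit-line outlier step and the three-class triage of claim 1 over constructed hour-by-hour connection counts. The update rule for the decision boundary (midpoint between the largest analyst-labelled benign distance and the smallest malicious one), the fixed "unknown" band around the boundary, and all names are assumptions.

```python
from statistics import mean

# Constructed sample, one entry per log line: (hour of day, outbound connections from one host).
# The baseline is 5*hour + 100; hours 2, 4, 8 and 10 deviate from it.
LOG_DATA = [(1, 105), (2, 140), (3, 115), (4, 100), (5, 125),
            (6, 130), (7, 135), (8, 80), (9, 145), (10, 200)]
# Constructed analyst input from earlier reviews: (distance from the line, confirmed threat?).
ANALYST_LABELS = [(20.0, False), (23.0, False), (26.0, True), (30.0, True)]

def best_fit_line(points):
    """Least-squares slope and intercept for the behavioral characteristic."""
    xs, ys = [p[0] for p in points], [p[1] for p in points]
    mx, my = mean(xs), mean(ys)
    slope = sum((x - mx) * (y - my) for x, y in points) / sum((x - mx) ** 2 for x in xs)
    return slope, my - slope * mx

def find_outliers(points, max_distance):
    """Points whose vertical distance from the best-fit line is at or beyond max_distance."""
    slope, intercept = best_fit_line(points)
    scored = [(x, y, abs(y - (slope * x + intercept))) for x, y in points]
    return [(x, y, d) for x, y, d in scored if d >= max_distance]

def categorize(distance, boundary, margin):
    """Three classes split by the decision boundary; a band of +/- margin around it is unknown."""
    if distance >= boundary + margin:
        return "forward"        # most probable threat: send on for response
    if distance <= boundary - margin:
        return "do_not_send"    # least probable threat
    return "unknown"            # on the boundary: forward for additional analysis

def update_boundary(analyst_labels):
    """Assumed update rule: midpoint between the benign and malicious distances analysts labelled."""
    benign = [d for d, is_threat in analyst_labels if not is_threat]
    malicious = [d for d, is_threat in analyst_labels if is_threat]
    return (max(benign) + min(malicious)) / 2

def triage(points, max_distance, boundary, margin, analyst_labels):
    """Outlier detection, first categorization, boundary update, re-categorization of unknowns."""
    outliers = find_outliers(points, max_distance)
    classes = {(x, y): categorize(d, boundary, margin) for x, y, d in outliers}
    unknown = [(x, y, d) for x, y, d in outliers if classes[(x, y)] == "unknown"]
    new_boundary = update_boundary(analyst_labels)
    for x, y, d in unknown:          # repeat categorizing only for the unknowns
        classes[(x, y)] = categorize(d, new_boundary, margin)
    return classes, new_boundary

if __name__ == "__main__":
    print(triage(LOG_DATA, max_distance=15, boundary=32, margin=5, analyst_labels=ANALYST_LABELS))
```

With the constructed data the line is exactly y = 5x + 100, so the four deviating hours are the only outliers; the hour-2 point (distance 30) starts as unknown and becomes forward once the boundary moves to 24.5.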
Abstract
To analyze cybersecurity threats, an analysis module of a processor may receive log data from at least one network node. The analysis module may identify at least one statistical outlier within the log data. The analysis module may determine that the at least one statistical outlier represents a cybersecurity threat by applying at least one machine learning algorithm to the at least one statistical outlier.
44 Claims
23. A system for analyzing cybersecurity threats comprising:
a processor; a network interface in communication with the processor; and an analysis module of the processor configured to:
perform processing associated with receiving log data from a network node by the network interface;
perform processing associated with identifying a statistical outlier within the log data using Tailjumps, the identifying comprising:
transforming the log data into community data indicative of a network structure, identifying a plurality of communications between nodes in the community data, and identifying the statistical outlier within the plurality of communications;
generating a behavioral graph model using the log data, determining a best fit line for a characteristic of the behavioral graph model, and identifying a data point at or beyond a predetermined distance from the best fit line as the statistical outlier;
or analyzing text data in the log data using a language processing algorithm to identify the statistical outlier;
or a combination thereof; and
perform processing associated with determining that the statistical outlier represents a cybersecurity threat by applying a Janus machine learning algorithm to provide a prediction about the novelty of the statistical outlier, wherein the Janus machine learning algorithm categorizes the statistical outlier into classes, wherein the classes are separated by a security threat decision boundary, and wherein the classes comprise:
a forward class that is a most probable security threat class, a do not send class that is a least probable security threat class, and an unknown class for entities that are on the security threat decision boundary;
perform processing associated with forwarding statistical outliers categorized as unknown for additional analysis;
perform processing associated with updating the security threat decision boundary based on analyst input; and
perform processing associated with repeating the categorizing for the statistical outliers categorized as unknown with an updated security threat decision boundary.