SYSTEM AND METHOD TO DETECT THREATS TO COMPUTER BASED DEVICES AND SYSTEMS
Abstract
Aspects of the present disclosure relate to systems and methods for detecting a threat of a computing system. In one aspect, a plurality of instances of input data may be received from at least one sensor. A feature vector based upon at least one instance of the plurality of instances of input data may be generated. The feature vector may be sent to a classifier component, where a threat assessment score is determined for the feature vector. The threat assessment score may be determined by combining information associated with the plurality of instances of input data. A threat assignment may be assigned to the at least one instance of data based on the determined threat assessment score. The threat assignment and threat assessment score may be disseminated.
20 Claims
1. A method for detecting a threat of a computing system, the method comprising:
- receiving a plurality of instances of input data from at least one sensor;
- generating at least one feature vector based upon at least one instance of the plurality of instances of input data;
- sending the at least one feature vector to a model training component, wherein the model training component includes a plurality of threat assessment models;
- determining a threat assessment score for the at least one feature vector, wherein determining the threat assessment score comprises combining information associated with the plurality of instances of input data using the plurality of threat assessment models;
- assigning a threat assignment to the at least one instance of input data based on the determined threat assessment score; and
- disseminating the threat assignment and the threat assessment score.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 17
9. A computer storage medium encoding computer executable instructions that, when executed by at least one processor, perform a method for detecting a threat of a computing system, the method comprising:
- receiving a plurality of instances of input data from at least one sensor;
- generating at least one feature vector based upon at least one instance of the plurality of instances of input data;
- sending the at least one feature vector to a model training component, wherein the model training component includes a plurality of threat assessment models;
- determining a threat assessment score for the at least one feature vector, wherein determining the threat assessment score comprises combining information associated with the plurality of instances of input data using the plurality of threat assessment models;
- when the threat assessment score is above a first predetermined threshold value or below a second predetermined threshold value, automatically assigning a threat assignment to the at least one instance based on the determined threat assessment score; and
- disseminating the threat assignment and the threat assessment score.
Dependent claims: 10, 15, 16
18. A system comprising:
- at least one processor; and
- memory encoding computer executable instructions that, when executed by the at least one processor, perform a method for detecting a threat of a computing system, the method comprising:
  - receiving a plurality of instances of input data from at least one sensor;
  - generating at least one feature vector based upon at least one instance of the plurality of instances of input data;
  - determining whether the at least one instance of input data has a threat assignment;
  - when the at least one instance of input data has a threat assignment, sending the threat assignment and the at least one generated feature vector to a threat assignment dissemination component;
  - when the at least one instance of input data does not have a threat assignment;
  - sending the at least one generated feature vector to a model training component, wherein the model training component includes a plurality of threat assessment models;
  - determining a threat assessment score for the at least one feature vector, wherein determining the threat assessment score comprises combining information associated with the plurality of instances of input data using the plurality of threat assessment models;
  - automatically assigning a threat assignment to the at least one instance of input data based on the determined threat assessment score; and
  - disseminating the threat assignment and the threat assessment score.
Dependent claims: 19, 20
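
The control flow recited in claims 9 and 18, sketched as an added illustration that is not taken from the patent or any implementation of it. The two features, the two stand-in models, the mean as the combining rule, the threshold values, and the handling of scores between the thresholds are all assumptions; the claims fix none of them.

```python
import math
from collections import Counter
from statistics import mean

# Assumed values: the claims name a first and a second threshold, no numbers.
FIRST_THRESHOLD = 0.8    # score above this -> automatic "malicious"
SECOND_THRESHOLD = 0.2   # score below this -> automatic "benign"

def feature_vector(data: bytes) -> dict:
    """Constructed features: normalised byte entropy and non-printable ratio."""
    n = len(data) or 1
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    nonprint = sum(1 for b in data if b < 32 or b > 126) / n
    return {"entropy": entropy / 8, "nonprint": nonprint}

# Stand-ins for the "plurality of threat assessment models"; each returns 0..1.
MODELS = [lambda fv: fv["entropy"], lambda fv: fv["nonprint"]]

def assess(data: bytes, existing_label=None, outbox=None) -> dict:
    """Run one instance of sensor input through the claimed steps."""
    fv = feature_vector(data)
    if existing_label is not None:
        # Claim 18: input that already has a threat assignment skips the
        # models and goes to dissemination with its feature vector.
        result = {"assignment": existing_label, "score": None, "features": fv}
    else:
        score = mean(m(fv) for m in MODELS)  # combining rule is an assumption
        if score > FIRST_THRESHOLD:          # claim 9: above the first threshold
            assignment = "malicious"
        elif score < SECOND_THRESHOLD:       # claim 9: below the second threshold
            assignment = "benign"
        else:
            assignment = None  # assumption: middle band gets no automatic label
        result = {"assignment": assignment, "score": score, "features": fv}
    if outbox is not None:
        outbox.append(result)  # dissemination step; the list is a stand-in
    return result

if __name__ == "__main__":
    # Constructed sample inputs, not real telemetry.
    for sample in (bytes(range(128, 256)) * 2, b"A" * 64, b"AB" * 16 + b"\x00\x01" * 16):
        r = assess(sample)
        print(r["assignment"], r["score"])
```

In the claim 18 branch the existing label is passed on without being scored, so the outcome for that input is only as trustworthy as whatever attached the label.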
Specification