Recommending the Most Relevant and Urgent Vulnerabilities within a Security Management System

US 20200134188A1
Filed: 10/24/2018
Published: 04/30/2020
Est. Priority Date: 10/24/2018
Status: Active Grant

First Claim

Patent Images

1. A method, in a data processing system comprising at least one processor and at least one memory, wherein the at least one memory comprises instructions executed by the at least one processor to cause the at least one processor to implement a security management system for accessing security vulnerability issue information, the method comprising:

monitoring, by the security management system, security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data;

generating, by the security management system, one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data;

generating, by the security management system, an analyst-issue model based on one or more security vulnerability issue models and the one or more security analyst models; and

outputting, by the security management system, an issue recommendation for a security analyst based on the analyst-issue model.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms are provided for accessing security vulnerability issue information. The mechanisms monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data, and generate one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data. The mechanisms generate an analyst-issue model based on the one or more security vulnerability issue models and the one or more security analyst models, and generate an issue recommendation for a security analyst based on the analyst-issue model.

11 Citations

21 Claims

1. A method, in a data processing system comprising at least one processor and at least one memory, wherein the at least one memory comprises instructions executed by the at least one processor to cause the at least one processor to implement a security management system for accessing security vulnerability issue information, the method comprising:
- monitoring, by the security management system, security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data;
  
  generating, by the security management system, one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data;
  
  generating, by the security management system, an analyst-issue model based on one or more security vulnerability issue models and the one or more security analyst models; and
  
  outputting, by the security management system, an issue recommendation for a security analyst based on the analyst-issue model.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - compiling, by the security management system, security vulnerability issue data from one or more computing devices of a monitored computing environment; and
      
      generating, by the security management system, the one or more security vulnerability issue models by performing a machine learning operation on the compiled security vulnerability issue data.
  - 3. The method of claim 2, wherein generating one or more security vulnerability issue models comprises performing a frequent pattern discovery operation on the security vulnerability issue data to identify co-occurring or dependent security vulnerabilities that occur at least a threshold number of times in the security vulnerability issue data.
  - 4. The method of claim 3, wherein generating one or more security vulnerability issue models comprises performing a low-dimensional security issue embedding on frequent patterns of security issues identified by the frequent pattern discovery operation.
  - 5. The method of claim 1, wherein monitoring security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data comprises, for each analyst in a plurality of analysts:
    - identifying first types of security vulnerability issues viewed by the analyst via the security management system;
      
      identifying second types of security vulnerability issues resolved by the analyst via the security management system; and
      
      storing entries, corresponding to the analyst, in the analyst interaction log data identifying the first type of issues and second type of issues.
  - 6. The method of claim 5, wherein generating an analyst issue model comprises, for each analyst in a plurality of analysts:
    - identifying matching security vulnerability issues in the one or more security vulnerability issue models that have types corresponding to at least one of the first types or second types of security vulnerability issues stored in the analyst interaction log data for the analyst; and
      
      generating, in the analyst issue model, an analyst-issue link for the identified matching security vulnerability issues.
  - 7. The method of claim 5, wherein generating the analyst issue model comprises, for each security vulnerability issue in the security vulnerability issue models:
    - identifying one or more co-occurring or dependent security vulnerability issues; and
      
      generating an issue-issue link for the identified one or more co-occurring or dependent security vulnerability issues in the analyst issue model.
  - 8. The method of claim 5, wherein generating the analyst issue model comprises, for each analyst in the plurality of analysts:
    - identifying one or more similar analysts based on similar first or second types of security vulnerability issues associated with the analysist interaction log data corresponding to the analysts in the plurality of analysts; and
      
      generating an analyst-analyst link for the identified one or more similar analysts in the analyst issue model.
  - 9. The method of claim 1, wherein generating an issue recommendation for a security analyst based on the analyst-issue model further comprises:
    - receiving, from a security analyst via a client computing device, a user input specifying at least one of a feature of an issue for searching security vulnerability issues in the security vulnerability issue data or a selection of an issue from an issue listing;
      
      searching the analyst-issue model for security vulnerability issues in the security vulnerability issue data corresponding to the feature or the selected issue and the security analyst, to thereby generate matched security vulnerability issues; and
      
      generating an issue recommendation for the security analyst based on the matched security vulnerability issues.
  - 10. The method of claim 9, wherein generating an issue recommendation for a security analyst based on the matched security vulnerability issues further comprises prioritizing the matched security vulnerability issues according to criticality of the matched security vulnerability issues.

11. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device, causes the computing device to implement a security management system for accessing security vulnerability issue information, and causes the security management system to:
- monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data;
  
  generate one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data;
  
  generate an analyst-issue model based on the one or more security vulnerability issue models and the one or more security analyst models; and
  
  output an issue recommendation for a security analyst based on the analyst-issue model.
- View Dependent Claims (12, 13, 14, 15, 17, 18, 19, 20)
- - 12. The computer program product of claim 11, wherein the computer readable program further causes the security management system to:
    - compile security vulnerability issue data from one or more computing devices of a monitored computing environment; and
      
      generate one or more security vulnerability issue models by performing a machine learning operation on the compiled security vulnerability issue data.
  - 13. The computer program product of claim 12, wherein the computer readable program further causes the security management system to generate one or more security vulnerability issue models at least by performing a frequent pattern discovery operation on the security vulnerability issue data to identify co-occurring or dependent security vulnerabilities that occur at least a threshold number of times in the security vulnerability issue data.
  - 14. The computer program product of claim 13, wherein the computer readable program further causes the security management system to generate one or more security vulnerability issue models at least by performing a low-dimensional security issue embedding on frequent patterns of security issues identified by the frequent pattern discovery operation.
  - 15. The computer program product of claim 11, wherein the computer readable program further causes the security management system to monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data at least by, for each analyst in a plurality of analysts:
    - identifying first types of security vulnerability issues viewed by the analyst via the security management system;
      
      identifying second types of security vulnerability issues resolved by the analyst via the security management system; and
      
      storing entries, corresponding to the analyst, in the analyst interaction log data identifying the first type of issues and second type of issues.
  - 17. The computer program product of claim 15, wherein the computer readable program further causes the security management system to generate the analyst issue model at least by, for each security vulnerability issue in the security vulnerability issue models:
    - identifying one or more co-occurring or dependent security vulnerability issues; and
      
      generating an issue-issue link for the identified one or more co-occurring or dependent security vulnerability issues in the analyst issue model.
  - 18. The computer program product of claim 15, wherein the computer readable program further causes the security management system to generate the analyst issue model at least by, for each analyst in the plurality of analysts:
    - identifying one or more similar analysts based on similar first or second types of security vulnerability issues associated with the analysist interaction log data corresponding to the analysts in the plurality of analysts; and
      
      generating an analyst-analyst link for the identified one or more similar analysts in the analyst issue model.
  - 19. The computer program product of claim 11, wherein the computer readable program further causes the security management system to output an issue recommendation for a security analyst based on the analyst-issue model further at least by:
    - receiving, from a security analyst via a client computing device, a user input specifying at least one of a feature of an issue for searching security vulnerability issues in the security vulnerability issue data or a selection of an issue from an issue listing;
      
      searching the analyst-issue model for security vulnerability issues in the security vulnerability issue data corresponding to the feature or the selected issue and the security analyst, to thereby generate matched security vulnerability issues; and
      
      generating an issue recommendation for the security analyst based on the matched security vulnerability issues.
  - 20. The method of claim 19, wherein the computer readable program further causes the security management system to generate an issue recommendation for a security analyst based on the matched security vulnerability issues at least by prioritizing the matched security vulnerability issues according to criticality of the matched security vulnerability issues.

16. The computer program product of 15, wherein the computer readable program further causes the security management system to generate an analyst issue model at least by, for each analyst in a plurality of analysts:
- identifying matching security vulnerability issues in the one or more security vulnerability issue models that have types corresponding to at least one of the first types or second types of security vulnerability issues stored in the analyst interaction log data for the analyst; and
  
  generating, in the analyst issue model, an analyst-issue link for the identified matching security vulnerability issues.

21. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to implement a security management system for accessing security vulnerability issue information, and causes the security management system to;
  
  monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data;
  
  generate one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data;
  
  generate an analyst-issue model based on the one or more security vulnerability issue models and the one or more security analyst models; and
  
  generate an issue recommendation for a security analyst based on the analyst-issue model.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bagheri, Ebrahim, Barouni Ebrahimi, Mohammadreza, Bayat, Samaneh, Noorian, Zeinab

Granted Patent

US 11,030,322 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06N 3/045   Combinations of networks

G06N 3/08   Learning methods

G06N 5/02   Knowledge representation; S...

Recommending the Most Relevant and Urgent Vulnerabilities within a Security Management System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Recommending the Most Relevant and Urgent Vulnerabilities within a Security Management System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links