Computer-implemented modeling systems and methods for analyzing and predicting computer network intrusions
Abstract
Computer-implemented systems and methods for analyzing activities associated with accesses of a computer network. A computer-implemented method can be configured to receive data related to the activities associated with the accesses of a computer network. The network activities data are segmented into a plurality of network activities segments. For each of the network activities segments, an anomaly detection predictive model is generated. The generated predictive models are for use in analyzing the activities associated with the computer network.
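An added illustration of the pipeline the abstract describes; it is not code from the patent. The segment key (service name), the median/MAD baseline, the score cap, the EWMA smoothing and all sample values are assumptions chosen for the example. The patent text on this page does not specify any of them.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (service, bytes transferred), in time order.
TRAIN = [("dns", b) for b in (80, 75, 90, 85, 78, 82)] + \
        [("http", b) for b in (1000, 1100, 950, 1050, 980, 1020)]
LIVE = [("dns", 84), ("http", 1010), ("dns", 79), ("dns", 900),
        ("http", 990), ("dns", 950), ("http", 1040), ("dns", 88)]

def segment(records):
    """Split activity records into segments keyed by service (assumed key)."""
    segments = defaultdict(list)
    for service, value in records:
        segments[service].append(value)
    return dict(segments)

class BaselineModel:
    """Anomaly model for one segment: median and scaled MAD of training data."""
    def __init__(self, values):
        self.center = median(values)
        mad = median([abs(v - self.center) for v in values])
        self.scale = 1.4826 * mad or 1.0  # guard against a constant segment

    def score(self, value, cap=10.0):
        """Segment score: robust z-score of one observation, capped."""
        return min(abs(value - self.center) / self.scale, cap)

def smoothed_alerts(model, values, alpha=0.5, threshold=5.0):
    """Analyze segment scores over time with an EWMA; return alerting indices."""
    ewma, alerts = 0.0, []
    for i, value in enumerate(values):
        ewma = alpha * model.score(value) + (1 - alpha) * ewma
        if ewma > threshold:
            alerts.append(i)
    return alerts

def run():
    """Train one model per segment, then score the live data per segment."""
    models = {name: BaselineModel(vals) for name, vals in segment(TRAIN).items()}
    live = segment(LIVE)
    return {name: smoothed_alerts(models[name], live[name]) for name in models}

if __name__ == "__main__":
    print(run())
```

A single model trained on all of `TRAIN` scores the 900-byte DNS transfer as unremarkable, because HTTP traffic of that size is normal; the per-segment DNS model flags it.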
27 Claims
1. A computer-implemented method for analyzing activities associated with accessing a computer network, comprising:
- receiving, using one or more processors, network activity data including one or more activities associated with accessing a computer network;
- segmenting, using the one or more processors, the network activity data into a plurality of network activity segments; and
- generating, using the one or more processors, an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to generate one or more segment scores for a corresponding network activity segment, and wherein each anomaly detection predictive model is used to analyze the one or more segment scores for the corresponding network activity segment over time.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A system, comprising:
- one or more processors;
- a computer-readable storage medium containing instructions configured to cause the one or more processors to perform operations, including:
  - receiving network activity data including one or more activities associated with accessing a computer network;
  - segmenting the network activity data into a plurality of network activity segments; and
  - generating an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to generate one or more segment scores for a corresponding network activity segment, and wherein each anomaly detection predictive model is used to analyze the one or more segment scores for the corresponding network activity segment over time.
21. A computer-program product, tangibly embodied in a machine-readable storage medium, including instructions configured to cause a data processing apparatus to:
- receive network activity data including one or more activities associated with accessing a computer network;
- segment the network activity data into a plurality of network activity segments; and
- generate an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to generate one or more segment scores for a corresponding network activity segment, and wherein each anomaly detection predictive model is used to analyze the one or more segment scores for the corresponding network activity segment over time.
22. A method, comprising:
- receiving, using one or more processors, network activity data including one or more activities associated with accessing a computer network;
- generating, using the one or more processors, a plurality of time-based derived variables using time series analysis;
- segmenting, using the one or more processors, the network activity data into a plurality of network activity segments, wherein segmenting is based upon the time-based derived variables; and
- generating, using the one or more processors, an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to analyze the network activity data.
23. A system, comprising:
- one or more processors;
- a computer-readable storage medium containing instructions configured to cause the one or more processors to perform operations, including:
  - receiving network activity data including one or more activities associated with accessing a computer network;
  - generating a plurality of time-based derived variables using time series analysis;
  - segmenting the network activity data into a plurality of network activity segments, wherein segmenting is based upon the time-based derived variables; and
  - generating an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to analyze the network activity data.
24. A computer-program product, tangibly embodied in a machine-readable storage medium, including instructions configured to cause a data processing apparatus to:
- receive network activity data including one or more activities associated with accessing a computer network;
- generate a plurality of time-based derived variables using time series analysis;
- segment the network activity data into a plurality of network activity segments, wherein segmenting is based upon the time-based derived variables; and
- generate an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to analyze the network activity data.
25. A method, comprising:
- receiving, using one or more processors, network activity data including one or more activities associated with accessing a computer network;
- generating, using the one or more processors, a plurality of non-time based derived variables;
- segmenting, using the one or more processors, the network activity data into a plurality of network activity segments, wherein segmenting is based upon the non-time based derived variables; and
- generating, using the one or more processors, an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to analyze the network activity data.
26. A system, comprising:
- one or more processors;
- a computer-readable storage medium containing instructions configured to cause the one or more processors to perform operations, including:
  - receiving network activity data including one or more activities associated with accessing a computer network;
  - generating a plurality of non-time based derived variables;
  - segmenting the network activity data into a plurality of network activity segments, wherein segmenting is based upon the non-time based derived variables; and
  - generating an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to analyze the network activity data.
27. A computer-program product, tangibly embodied in a machine-readable storage medium, including instructions configured to cause a data processing apparatus to:
- receive network activity data including one or more activities associated with accessing a computer network;
- generate a plurality of non-time based derived variables;
- segment the network activity data into a plurality of network activity segments, wherein segmenting is based upon the non-time based derived variables; and
- generate an anomaly detection predictive model for each network activity segment, wherein each anomaly detection predictive model is used to analyze the network activity data.
Specification