System and method for predicting impending cyber security events using multi channel behavioral analysis in a distributed computing environment
First Claim
Patent Images
1. A method for predicting the likelihood future security threats in distributed computing environment comprising the steps of:
- a main server entity communicating with a plurality of decision engines and a plurality of correlation engines;
a communication engine communicating with the main server;
the communication engine communicating with one or more third parties, wherein the one or more third parties comprises one or more data points, wherein the one or more data points comprise a plurality of user data and event data;
a deep learning engine receiving outputs from multiple simulation runs using sequential game theory against the one or more data points, wherein the event data is selected from the group consisting of temporal, geographic, social, financial and linguistic data;
the deep learning engine predicting a first occurrence of a security event, wherein predicting the first occurrence of a security event is based on the receiving the outputs from the multiple simulation runs;
building a plurality of semantic graphs based on the communicating with correlation engines;
a plurality of distributed networked agents collecting event and attribute data for the main server entity, the plurality of correlation server engines, and the plurality of decision engines, wherein the plurality of distributed networked agents are maintained on local servers; and
a defined protocol initiating and maintaining secure communication between the main server, the plurality of distributed networked agents, the plurality of correlation engines, the plurality of decision engines and the communication engine;
forecasting an arrival time of the impending security threat by incorporating temporal data in a prediction process, wherein the prediction process comprises;
discovering said agent servers;
determining an available processing bandwidth of the main server, agents, decision engines, and correlation engines;
registering said main server and available agent server with registration entity;
correlating event and attribute data from unstructured data sources;
collecting log data;
normalizing and tokenize the log data;
generating semantic graphs of the log and the attribute data; and
deciding on the likelihood of an event using the sequential game theory.
0 Assignments
0 Petitions
Accused Products
Abstract
Multi channel distributed behavioral analysis architecture provides a software solution to the major operational challenges faced with providing an early warning system for impending cyber security events. Most cyber security events are premeditated. However, many current cyber security defense technologies only address the real-time detection of a software vulnerability, the presence of malware (known or unknown “zero day”), anomalies from pre-established data points, or the signature of an active security event. The system and method of the multi channel distributed behavioral analysis architecture introduces a technique which provides the data collection, assessment, and alerting ability prior to the occurrence of an event based on threat actor behavior.
-
Citations
4 Claims
-
1. A method for predicting the likelihood future security threats in distributed computing environment comprising the steps of:
-
a main server entity communicating with a plurality of decision engines and a plurality of correlation engines; a communication engine communicating with the main server; the communication engine communicating with one or more third parties, wherein the one or more third parties comprises one or more data points, wherein the one or more data points comprise a plurality of user data and event data; a deep learning engine receiving outputs from multiple simulation runs using sequential game theory against the one or more data points, wherein the event data is selected from the group consisting of temporal, geographic, social, financial and linguistic data; the deep learning engine predicting a first occurrence of a security event, wherein predicting the first occurrence of a security event is based on the receiving the outputs from the multiple simulation runs; building a plurality of semantic graphs based on the communicating with correlation engines; a plurality of distributed networked agents collecting event and attribute data for the main server entity, the plurality of correlation server engines, and the plurality of decision engines, wherein the plurality of distributed networked agents are maintained on local servers; and a defined protocol initiating and maintaining secure communication between the main server, the plurality of distributed networked agents, the plurality of correlation engines, the plurality of decision engines and the communication engine; forecasting an arrival time of the impending security threat by incorporating temporal data in a prediction process, wherein the prediction process comprises; discovering said agent servers; determining an available processing bandwidth of the main server, agents, decision engines, and correlation engines; registering said main server and available agent server with registration entity; correlating event and attribute data from unstructured data sources; collecting log data; normalizing and tokenize the log data; generating semantic graphs of the log and the attribute data; and deciding on the likelihood of an event using the sequential game theory. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeZitovault, Inc.
-
Original AssigneeZitovault, Inc.
-
InventorsEllis, Alonzo, McELwee, Tim
-
Primary Examiner(s)Waliullah, Mohammed
-
Application NumberUS14/672,869Publication NumberTime in Patent Office722 DaysField of Search726 22- 25US Class Current1/1CPC Class CodesG06F 16/9024 Graphs; Linked lists G06F16...G06F 21/52 during program execution, e...G06F 21/554 involving event detection a...G06F 21/577 Assessing vulnerabilities a...G06Q 30/018 Certifying business or prod...G06Q 30/0185 Product, service or busines...H04L 63/0227 Filtering policies mail mes...H04L 63/14 for detecting or protecting...H04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1433 Vulnerability analysisH04L 63/1441 Countermeasures against mal...H04L 63/20 for managing network securi...
