COPULA OPTIMIZATION METHOD AND APPARATUS FOR IDENTIFYING AND DETECTING THREATS TO AN ENTERPRISE OR E-COMMERCE SYSTEM AND OTHER APPLICATIONS
Abstract
Methods and apparatuses employing copula optimization in building multivariate statistical models for identifying and detecting threats to an enterprise or e-commerce system are disclosed, including grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system; extracting one or more features from the grouped log lines into one or more features tables; using one or more statistical models on the one or more features tables to identify statistical outliers and using the one or more rules on incoming enterprise or e-commerce system data traffic to detect threats to the enterprise or e-commerce system. Other embodiments are described and claimed.
15 Claims
1. A method for identifying and detecting threats to an enterprise or e-commerce system, the method comprising:
- grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
- extracting one or more features from the grouped log lines into one or more features tables;
- using one or more statistical models on the one or more features tables to identify statistical outliers; and
- for the Copula statistical model, estimating the marginal probability distribution of a feature using a nonparametric kernel density determination using a Gaussian kernel estimation step, said Gaussian kernel estimation step comprising the step of setting a bandwidth of said Gaussian kernel, and further setting said bandwidth using a Scott's rule of thumb bandwidth setting process.

Dependent claims: 2, 3, 4, 5

6. A system for identifying and detecting threats to an enterprise or e-commerce system, comprising:
- a processor memory for storing instructions for identifying and detecting threats to an enterprise or e-commerce system;
- a computer process for executing said instructions for identifying and detecting threats to an enterprise or e-commerce system, said instructions comprising;
- instructions for grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
- instructions for extracting one or more features from the grouped log lines into one or more features tables;
- instructions for using one or more statistical models on the one or more features tables to identify statistical outliers; and
- instructions for applying a Copula statistical model for estimating the marginal probability distribution of a feature using a nonparametric kernel density determination using a Gaussian kernel estimation step, said Gaussian kernel estimation step comprising the step of setting a bandwidth of said Gaussian kernel, and further setting said bandwidth using a Scott's rule of thumb bandwidth setting process.

Dependent claims: 7, 8, 9, 10

11. A networked enterprise or e-commerce system comprising a system for identifying and detecting threats to an enterprise or e-commerce system, comprising:
- a plurality of computing systems networked over a common communications network for communicating with one another in a secure computing environment;
- a system for identifying and detecting threats to said enterprise or e-commerce system, comprising;
- a processor memory for storing instructions for identifying and detecting threats to an enterprise or e-commerce system;
- a computer process for executing said instructions for identifying and detecting threats to an enterprise or e-commerce system, said instructions comprising;
- instructions for grouping log lines belonging to one or more log line parameters from one or more enterprise or e-commerce system data sources and/or from incoming data traffic to the enterprise or e-commerce system;
- instructions for extracting one or more features from the grouped log lines into one or more features tables;
- instructions for using one or more statistical models on the one or more features tables to identify statistical outliers; and
- instructions for applying a Copula statistical model for estimating the marginal probability distribution of a feature using a nonparametric kernel density determination using a Gaussian kernel estimation step, said Gaussian kernel estimation step comprising the step of setting a bandwidth of said Gaussian kernel, and further setting said bandwidth using a Scott's rule of thumb bandwidth setting process.

Dependent claims: 12, 13, 14, 15

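An added illustration of the steps recited in independent claims 1, 6 and 11 (not code from the patent or its assignee): log lines are grouped per source IP into a features table, each marginal is estimated with a Gaussian-kernel density whose bandwidth follows Scott's rule, and entities are ranked by joint density. The log format, the two features, the Gaussian copula family and scoring by joint log-density are assumptions; the sample log lines are constructed.

```python
import math
from collections import defaultdict
from statistics import NormalDist, mean, stdev

N01 = NormalDist()

def build_logs():
    """Constructed sample log lines '<src_ip> <http_status>' (format assumed)."""
    lines = []
    for i in range(1, 21):  # 20 ordinary clients
        n, errs = 40 + 3 * (i % 7), i % 4
        lines += [f"10.0.0.{i} {404 if k < errs else 200}" for k in range(n)]
    return lines + [f"10.0.0.99 {404 if k < 150 else 200}" for k in range(160)]

def feature_table(lines):
    """Group log lines by source IP; features = [request count, 4xx count]."""
    table = defaultdict(lambda: [0, 0])
    for line in lines:
        ip, status = line.split()
        table[ip][0] += 1
        table[ip][1] += status.startswith("4")
    return dict(table)

def kde_marginal(xs):
    """Gaussian KDE with Scott's rule, h = sigma * n**(-1/5); returns (pdf, cdf)."""
    h = stdev(xs) * len(xs) ** -0.2
    pdf = lambda x: sum(N01.pdf((x - xi) / h) for xi in xs) / (len(xs) * h)
    cdf = lambda x: sum(N01.cdf((x - xi) / h) for xi in xs) / len(xs)
    return pdf, cdf

def copula_scores(table):
    """Joint log-density per entity: Gaussian copula term + KDE marginal terms."""
    ips = list(table)
    cols = [[table[ip][j] for ip in ips] for j in (0, 1)]
    margs = [kde_marginal(c) for c in cols]
    clamp = lambda u: min(max(u, 1e-9), 1 - 1e-9)  # keep inv_cdf finite
    z = [[N01.inv_cdf(clamp(cdf(x))) for x in c] for c, (_, cdf) in zip(cols, margs)]
    m0, m1 = mean(z[0]), mean(z[1])
    rho = sum((a - m0) * (b - m1) for a, b in zip(*z)) / (
        (len(ips) - 1) * stdev(z[0]) * stdev(z[1]))  # Pearson on normal scores
    scores = {}
    for k, ip in enumerate(ips):
        a, b = z[0][k], z[1][k]
        log_c = -0.5 * math.log(1 - rho**2) - (
            rho**2 * (a * a + b * b) - 2 * rho * a * b) / (2 * (1 - rho**2))
        scores[ip] = log_c + sum(math.log(pdf(col[k])) for col, (pdf, _) in zip(cols, margs))
    return scores

if __name__ == "__main__":
    print(min((s, ip) for ip, s in copula_scores(feature_table(build_logs())).items()))
```

The lowest score marks the least probable entity. Because the outlier is part of the sample used to fit the bandwidth, it inflates sigma and therefore h, which smooths the marginals and narrows the gap between normal and anomalous scores.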
Specification