Title: PROBABILISTIC SUFFIX TREES FOR NETWORK SECURITY ANALYSIS
Abstract: A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is "big data" driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat and to take action promptly.
Publication number: US2017063887(A1) Publication date: 2017.03.02
Application number: US201514929132 Filing date: 2015.10.30
Applicant: Splunk Inc. Inventors: Muddu Sudhakar; Tryfonas Christos; Iliofotou Marios
Classification: H04L29/06; G06N99/00 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method comprising: receiving a sequence of event feature sets corresponding to a sequence of events, wherein the event feature sets are derived from raw event machine data recorded in a computer network; measuring an anomaly count within a target event window by processing the sequence of event feature sets through an event sequence prediction model to increase the anomaly count when the event sequence prediction model identifies an event feature set within the target event window as corresponding to an anomalous event, wherein the event sequence prediction model is a machine learning model; identifying the target event window as containing a suspicious series of events by determining whether the anomaly count is beyond a baseline; and generating a computer security threat indicator or a computer security anomaly indicator based on the identification of the suspicious series of events.
Address: San Francisco CA US
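The following is an added illustration of the procedure in claim 1 (not code from the patent or from Splunk): a small probabilistic suffix tree, the event sequence prediction model named in the title, is trained on a constructed sequence of event labels, each event in a target window is scored against the events preceding it, events below a probability threshold raise the anomaly count, and the window is flagged when that count exceeds a baseline. The event labels, the threshold of 0.05 and the baseline of 1 are assumptions chosen for the demonstration.

```python
from collections import defaultdict

# Event symbols stand in for the patent's event feature sets derived from
# machine data; these labels and sequences are constructed for the example.
NORMAL_SESSION = ["auth_ok", "file_read", "file_read", "file_write", "session_end"]
TRAINING = NORMAL_SESSION * 20                     # constructed "known good" history
OBSERVED = NORMAL_SESSION + ["auth_ok", "session_end", "auth_ok", "session_end",
                             "auth_ok", "file_read", "file_read", "file_write", "session_end"]

class ProbabilisticSuffixTree:
    """Variable-order Markov model: P(next event | up to max_depth preceding events)."""
    def __init__(self, max_depth=3, smoothing=0.5):
        self.max_depth, self.smoothing = max_depth, smoothing
        self.counts = defaultdict(lambda: defaultdict(int))  # context tuple -> symbol -> count
        self.alphabet = set()

    def train(self, seq):
        for i, sym in enumerate(seq):
            self.alphabet.add(sym)
            for k in range(min(i, self.max_depth) + 1):   # contexts of length 0..max_depth
                self.counts[tuple(seq[i - k:i])][sym] += 1

    def prob(self, history, sym):
        # Back off to the longest suffix of `history` seen in training; the empty
        # context is always present once train() has run, so the loop resolves.
        for k in range(min(self.max_depth, len(history)), -1, -1):
            node = self.counts.get(tuple(history[len(history) - k:]))
            if node is not None:
                total = sum(node.values())   # additive smoothing so unseen symbols get p > 0
                return (node.get(sym, 0) + self.smoothing) / (total + self.smoothing * len(self.alphabet))
        return 1.0 / max(len(self.alphabet), 1)  # untrained model: uniform guess

def count_window_anomalies(model, events, start, end, threshold):
    """Anomaly count as in claim 1: score each event in events[start:end] against the
    events preceding it and count those the model finds improbable."""
    return sum(1 for i in range(start, end)
               if model.prob(events[max(0, i - model.max_depth):i], events[i]) < threshold)

def window_is_suspicious(model, events, start, end, threshold=0.05, baseline=1):
    """Flag the target window when its anomaly count is beyond the baseline (assumed values)."""
    return count_window_anomalies(model, events, start, end, threshold) > baseline

def build_model():
    model = ProbabilisticSuffixTree(max_depth=3)
    model.train(TRAINING)
    return model

if __name__ == "__main__":
    m = build_model()
    for start, end in ((0, 5), (5, 14)):   # the normal session, then the repeated auth/end pairs
        print(start, end, count_window_anomalies(m, OBSERVED, start, end, 0.05),
              window_is_suspicious(m, OBSERVED, start, end))
```

In the observed data, "session_end" directly after "auth_ok" never occurs in training, so each of those two transitions scores below the threshold, giving the second window an anomaly count of 2 while the normal session scores 0.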