Title of invention: Adaptive cyber-security analytics
Abstract: Performing adaptive cyber-security analytics including a computer implemented method that includes receiving a report on a network activity. A score responsive to the network activity and to a scoring model is computed at a computer. The score indicates a likelihood of a security violation. The score is validated and the scoring model is automatically updated responsive to results of the validating. The network activity is reported as suspicious in response to the score being within a threshold of a security violation value.
Publication number: US9032521(B2) Publication date: 2015.05.12
Application number: US201012903525 Filing date: 2010.10.13
Applicant: International Business Machines Corporation Inventors: Amini Lisa;Christodorescu Mihai;Cohen Mitchell A.;Parthasarathy Srinivasan;Rao Josyula;Sailer Reiner;Schales Douglas L.;Venema Wietse Z.;Verscheure Oliver
Classification: H04L29/06 Main classification: H04L29/06
Agency: Cantor Colburn LLP Agent: Cantor Colburn LLP
Main claim: 1. A computer implemented method for performing security analytics, the method comprising: receiving a report on a network activity in a network; calculating, at a computer, a score responsive to the network activity and to a scoring model, the score indicating a likelihood of a security violation; validating the score, wherein validating includes probing of one or more hosts in the network and determining if the security violation is a true alert or a false positive; automatically updating the scoring model responsive to determining that the security violation is a true alert; and reporting the network activity as suspicious in response to the score being within a threshold of a security violation value.
Address: Armonk NY US