Identifying security breaches from clustering properties

Rosa Miroshnikov; Oded Sofer; Allon Adir; Ehud Aharoni; Lev Greenberg; Oded Margalit; Rosa Miroshnikov; Oded Sofer; Boris Rozenberg; Allon Adir; Ehud Aharoni; Lev Greenberg

Identifying security breaches from clustering properties

Rosa Miroshnikov (Inventor), Oded Sofer (Inventor), Allon Adir (Inventor), Ehud Aharoni (Inventor), Lev Greenberg (Inventor), Oded Margalit (Inventor), Rosa Miroshnikov (Inventor), Oded Sofer (Inventor), Boris Rozenberg (Inventor), Allon Adir (Inventor), Ehud Aharoni (Inventor), Lev Greenberg (Inventor)

Department of Computer Science

Research output: Patent

Abstract

Embodiments of the present invention may provide the capability to identify security breaches in computer systems from clustering properties of clusters generated based on monitored behavior of users of the computer systems by using techniques that provide improved performance and reduced resource requirements. For example, behavior of users or resources may be monitored and analyzed to generate clusters and train clustering models. Labeling information relating to some user or resource may be received. When users or resources are clustered and when a cluster contains some labeled users/resources then an anomaly score can be determined for a user/resource belonging to the cluster. A user or resource may be detected to be an outlier of at least one cluster to which the user or resource has been assigned, and an alert indicating detection of the outlier may be generated.

Original language	English
Patent number	US2017295189
IPC	G06N 99/ 00 A I
Priority date	11/04/16
State	Published - 12 Oct 2017

Cite this

@misc{319505d4890c47d8ba2d7070022024ab,

title = "Identifying security breaches from clustering properties",

abstract = "Embodiments of the present invention may provide the capability to identify security breaches in computer systems from clustering properties of clusters generated based on monitored behavior of users of the computer systems by using techniques that provide improved performance and reduced resource requirements. For example, behavior of users or resources may be monitored and analyzed to generate clusters and train clustering models. Labeling information relating to some user or resource may be received. When users or resources are clustered and when a cluster contains some labeled users/resources then an anomaly score can be determined for a user/resource belonging to the cluster. A user or resource may be detected to be an outlier of at least one cluster to which the user or resource has been assigned, and an alert indicating detection of the outlier may be generated.",

author = "Rosa Miroshnikov and Oded Sofer and Allon Adir and Ehud Aharoni and Lev Greenberg and Oded Margalit and Rosa Miroshnikov and Oded Sofer and Boris Rozenberg and Allon Adir and Ehud Aharoni and Lev Greenberg",

year = "2017",

month = oct,

day = "12",

language = "English",

type = "Patent",

note = "US2017295189; G06N 99/ 00 A I",

}

TY - PAT

T1 - Identifying security breaches from clustering properties

AU - Miroshnikov, Rosa

AU - Sofer, Oded

AU - Adir, Allon

AU - Aharoni, Ehud

AU - Greenberg, Lev

AU - Margalit, Oded

AU - Miroshnikov, Rosa

AU - Sofer, Oded

AU - Rozenberg, Boris

AU - Adir, Allon

AU - Aharoni, Ehud

AU - Greenberg, Lev

PY - 2017/10/12

Y1 - 2017/10/12

N2 - Embodiments of the present invention may provide the capability to identify security breaches in computer systems from clustering properties of clusters generated based on monitored behavior of users of the computer systems by using techniques that provide improved performance and reduced resource requirements. For example, behavior of users or resources may be monitored and analyzed to generate clusters and train clustering models. Labeling information relating to some user or resource may be received. When users or resources are clustered and when a cluster contains some labeled users/resources then an anomaly score can be determined for a user/resource belonging to the cluster. A user or resource may be detected to be an outlier of at least one cluster to which the user or resource has been assigned, and an alert indicating detection of the outlier may be generated.

AB - Embodiments of the present invention may provide the capability to identify security breaches in computer systems from clustering properties of clusters generated based on monitored behavior of users of the computer systems by using techniques that provide improved performance and reduced resource requirements. For example, behavior of users or resources may be monitored and analyzed to generate clusters and train clustering models. Labeling information relating to some user or resource may be received. When users or resources are clustered and when a cluster contains some labeled users/resources then an anomaly score can be determined for a user/resource belonging to the cluster. A user or resource may be detected to be an outlier of at least one cluster to which the user or resource has been assigned, and an alert indicating detection of the outlier may be generated.

M3 - Patent

M1 - US2017295189

ER -

Identifying security breaches from clustering properties

Abstract

Fingerprint

Cite this