Identifying security breaches from clustering properties

Rosa Miroshnikov (Inventor), Oded Sofer (Inventor), Allon Adir (Inventor), Ehud Aharoni (Inventor), Lev Greenberg (Inventor), Oded Margalit (Inventor), Rosa Miroshnikov (Inventor), Oded Sofer (Inventor), Boris Rozenberg (Inventor), Allon Adir (Inventor), Ehud Aharoni (Inventor), Lev Greenberg (Inventor)

Research output: Patent


Embodiments of the present invention may provide the capability to identify security breaches in computer systems from clustering properties of clusters generated based on monitored behavior of users of the computer systems by using techniques that provide improved performance and reduced resource requirements. For example, behavior of users or resources may be monitored and analyzed to generate clusters and train clustering models. Labeling information relating to some user or resource may be received. When users or resources are clustered and when a cluster contains some labeled users/resources then an anomaly score can be determined for a user/resource belonging to the cluster. A user or resource may be detected to be an outlier of at least one cluster to which the user or resource has been assigned, and an alert indicating detection of the outlier may be generated.

Original languageEnglish
Patent numberUS2017295189
IPCG06N 99/ 00 A I
Priority date11/04/16
StatePublished - 12 Oct 2017


Dive into the research topics of 'Identifying security breaches from clustering properties'. Together they form a unique fingerprint.

Cite this