17643619. FEATURE SELECTION FOR CYBERSECURITY THREAT DISPOSITION simplified abstract (INTERNATIONAL BUSINESS MACHINES CORPORATION)

FEATURE SELECTION FOR CYBERSECURITY THREAT DISPOSITION

Organization Name

INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor(s)

Gary I. Givental of Bloomfield Hills MI (US)

Joel Rajakumar of Atlanta GA (US)

Aankur Bhatia of Bethpage NY (US)

FEATURE SELECTION FOR CYBERSECURITY THREAT DISPOSITION - A simplified explanation of the abstract

This abstract first appeared for US patent application 17643619 titled 'FEATURE SELECTION FOR CYBERSECURITY THREAT DISPOSITION'.

Simplified Explanation

The patent application describes a method, apparatus, and computer program for selecting features and machine learning models to accurately determine the threat level of a security alert.

  • The method involves training a base machine learning model and analyzing the impact of features in the training dataset on the model's predictions of threat disposition.
  • Subsets of features are created based on threat dispositions by identifying common features and impacts.
  • Multiple machine learning models and a feature predictor are trained using the subsets and the training dataset.
  • For a new input data instance, the method selects the relevant features from the input and chooses a trained machine learning model based on the selected features.
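
A small sketch of the four steps above, added here as an illustration and not taken from the patent application or from IBM code. The nearest-centroid classifier, the centroid-deviation impact score, the reuse of the base model as the feature predictor, and all feature names, dispositions and alert data are assumptions constructed for the example.

```python
# Added illustration: names, data and the impact measure are constructed assumptions.
from statistics import mean, pstdev

FEATURES = ["failed_logins", "bytes_out_mb", "rare_process", "known_scanner"]
TRAIN = [  # constructed alerts: (feature vector, analyst disposition)
    ([1, 90, 1, 0], "escalate"), ([0, 80, 1, 0], "escalate"), ([2, 85, 1, 0], "escalate"),
    ([9, 2, 0, 1], "false_positive"), ([8, 1, 0, 1], "false_positive"),
    ([7, 3, 0, 1], "false_positive"),
    ([1, 2, 0, 0], "benign"), ([0, 3, 0, 0], "benign"), ([2, 1, 0, 0], "benign"),
]

def centroids(rows, cols):
    """Nearest-centroid model: mean vector per disposition over the chosen columns."""
    labels = sorted({d for _, d in rows})
    return {d: [mean(x[c] for x, lab in rows if lab == d) for c in cols] for d in labels}

def predict(model, cols, x, scale):
    """Disposition whose centroid is nearest to x in scaled squared distance."""
    def dist(cen):
        return sum(((x[c] - m) / scale[c]) ** 2 for c, m in zip(cols, cen))
    return min(model, key=lambda d: dist(model[d]))

def train(rows, k=2):
    allc = list(range(len(FEATURES)))
    gmean = [mean(x[c] for x, _ in rows) for c in allc]
    scale = [pstdev([x[c] for x, _ in rows]) or 1.0 for c in allc]
    base = centroids(rows, allc)                      # step 1: base model, all features
    subsets = {}
    for d, cen in base.items():                       # steps 2-3: impact per disposition
        impact = [abs(cen[c] - gmean[c]) / scale[c] for c in allc]
        subsets[d] = tuple(sorted(sorted(allc, key=lambda c: -impact[c])[:k]))
    experts = {s: centroids(rows, s) for s in set(subsets.values())}  # step 4
    return base, scale, subsets, experts

def disposition(x, base, scale, subsets, experts):
    """Pick the feature subset for x, then let the model trained on it decide."""
    cols = subsets[predict(base, range(len(FEATURES)), x, scale)]  # feature predictor
    return predict(experts[cols], cols, x, scale), [FEATURES[c] for c in cols]

if __name__ == "__main__":
    trained = train(TRAIN)
    for alert in ([0, 95, 1, 0], [10, 1, 0, 1], [1, 2, 0, 0]):  # constructed new alerts
        print(alert, *disposition(alert, *trained))
```

Each result pairs the predicted disposition with the features the chosen model actually used, which gives an analyst a short explanation alongside the verdict.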

Potential Applications

  • Cybersecurity: This technology can be applied in security systems to accurately determine the threat level of security alerts, helping to identify and respond to potential threats more effectively.

Problems Solved

  • Feature selection: The method dynamically selects the most relevant features for determining threat disposition, improving the accuracy of the predictions.
  • Model selection: By training multiple machine learning models and selecting the most appropriate one based on the selected features, the method ensures optimal accuracy in threat determination.

Benefits

  • Improved accuracy: By selecting the most relevant features and machine learning models, the method enhances the accuracy of threat disposition predictions.
  • Dynamic adaptation: The method dynamically adjusts the feature selection and model choice based on the input data, allowing for better adaptation to changing threat landscapes.


Original Abstract Submitted

An apparatus, a method, and a computer program product are provided that dynamically select features and machine learning models for optimal accuracy when determining a threat disposition of a security alert. The method includes training a base machine learning model, determining impacts that features in the training dataset have on the trained base machine learning model when predicting threat disposition on security threats, and creating subsets of the features, based on threat dispositions, by analyzing the features with their corresponding impacts and placing common features and impacts into each subset of the subsets. The method also includes training a plurality of machine learning models and a machine learning feature predictor using the training dataset and the subsets. The method further includes selecting, for a new input data instance, the selected features from the new input data instance and selecting a trained machine learning model trained based on the selected features.