17808481. OPTIMIZING ACCURACY OF SECURITY ALERTS BASED ON DATA CLASSIFICATION simplified abstract (Microsoft Technology Licensing, LLC)


OPTIMIZING ACCURACY OF SECURITY ALERTS BASED ON DATA CLASSIFICATION

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Andrey Karpovsky of Kiryat Motzkin (IL)

Sagi Lowenhardt of Hertzeliya (IL)

Shimon Ezra of Petach Tikva (IL)

OPTIMIZING ACCURACY OF SECURITY ALERTS BASED ON DATA CLASSIFICATION - A simplified explanation of the abstract

This abstract first appeared for US patent application 17808481 titled 'OPTIMIZING ACCURACY OF SECURITY ALERTS BASED ON DATA CLASSIFICATION'.

Simplified Explanation

The patent application describes a computing system and method for training machine-learning models to detect anomalies. Here are the key points:

  • The system accesses a training dataset and determines an overall sensitivity score, indicating the amount of sensitive data in the dataset.
  • Machine-learning models are trained using the training dataset and the overall sensitivity score.
  • The models use the overall sensitivity score to determine a threshold for anomaly detection.
  • The threshold is set relatively low for datasets with a large amount of sensitive data and relatively high for datasets with a small amount of sensitive data.
  • When the models receive a dataset whose own (second) overall sensitivity score is similar to that of the training dataset, they extract features and calculate a probability score.
  • If the probability score is above the determined threshold, the models generate an alert.
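
The threshold logic in the list above, as an added Python example that is not code from the patent application. The regex classifiers, the linear mapping with its 0.50 and 0.95 bounds, the 0.15 similarity tolerance and all sample records are assumptions constructed for illustration; the probability score is taken as input from whatever model produces it.

```python
import re

# Assumed classifiers: the page does not say how sensitive data is identified.
SENSITIVE_PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),      # SSN-like value
    re.compile(r"\b(?:\d[ -]?){13,16}\b"),     # payment-card-like value
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),    # e-mail address
]

def sensitivity_score(records):
    """Overall sensitivity score: fraction of records holding sensitive data."""
    if not records:
        return 0.0
    hits = sum(any(p.search(r) for p in SENSITIVE_PATTERNS) for r in records)
    return hits / len(records)

def threshold_for(score, low=0.50, high=0.95):
    """More sensitive data gives a lower alert threshold (assumed linear map)."""
    score = min(max(score, 0.0), 1.0)
    return high - score * (high - low)

class SensitivityAwareDetector:
    def __init__(self, training_records, tolerance=0.15):
        self.train_score = sensitivity_score(training_records)
        self.threshold = threshold_for(self.train_score)
        self.tolerance = tolerance  # how close counts as "similar" (assumed)

    def evaluate(self, received_records, probability_score):
        """Return 'alert', 'no_alert', or 'mismatch' for a received dataset."""
        received_score = sensitivity_score(received_records)
        if abs(received_score - self.train_score) > self.tolerance:
            return "mismatch"  # threshold was tuned for a different sensitivity
        return "alert" if probability_score > self.threshold else "no_alert"

# Constructed sample datasets.
HIGH_SENSITIVITY = ["ssn 123-45-6789", "card 4111 1111 1111 1111",
                    "alice@example.com", "order shipped"]
LOW_SENSITIVITY = ["order shipped", "build ok", "cache miss", "bob@example.com"]

if __name__ == "__main__":
    for name, data in (("high", HIGH_SENSITIVITY), ("low", LOW_SENSITIVITY)):
        det = SensitivityAwareDetector(data)
        # The same model output (0.70) is judged against different thresholds.
        print(name, round(det.threshold, 4), det.evaluate(data, 0.70))
```

The same probability score of 0.70 raises an alert on the high-sensitivity dataset and stays silent on the low-sensitivity one, which is the behaviour the abstract describes.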

Potential applications of this technology:

  • Data security: The system can be used to detect anomalies in datasets containing sensitive information, helping to identify potential security breaches or unauthorized access.
  • Fraud detection: By training the models on datasets with known fraudulent activities, the system can be used to detect anomalies indicative of fraudulent behavior.
  • Network monitoring: The models can be applied to network traffic data to identify unusual patterns or activities that may indicate a cyber attack.

Problems solved by this technology:

  • Efficient anomaly detection: The machine-learning models provide a more automated and accurate way to detect anomalies in datasets, reducing the need for manual inspection and analysis.
  • Adaptability to sensitivity: By considering the overall sensitivity score, the system can adjust the anomaly detection threshold based on the level of sensitivity in the dataset, improving the accuracy of detection.

Benefits of this technology:

  • Improved data security: By detecting anomalies, the system helps to protect sensitive data from unauthorized access or breaches.
  • Time and cost savings: The automated anomaly detection provided by the machine-learning models reduces the need for manual inspection and analysis, saving time and resources.
  • Enhanced accuracy: The models consider the overall sensitivity score to determine the threshold, resulting in more accurate detection of anomalies.


Original Abstract Submitted

A computing system and method for training one or more machine-learning models to perform anomaly detection. A training dataset is accessed. An overall sensitivity score is determined that indicates an amount of sensitive data in the training dataset. Machine-learning models are trained based on the training dataset and the overall sensitivity score. The machine-learning models use the overall sensitivity score to determine a threshold. The threshold is relatively low for datasets having a large amount of sensitive data and is relatively high for datasets having a small amount of sensitive data. When executed, the machine-learning models determine if a probability score of features extracted from a received dataset is above the determined threshold when a second overall sensitivity score of the received dataset is substantially similar to the overall sensitivity score. When the probability score is above the determined threshold, the machine-learning models cause an alert to be generated.