20240045962. IDENTIFYING RELATIONSHIPS IN DATA simplified abstract (BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY)


IDENTIFYING RELATIONSHIPS IN DATA

Organization Name

BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY

Inventor(s)

Robert Hercock of London (GB)

Jonathan Roscoe of London (GB)

IDENTIFYING RELATIONSHIPS IN DATA - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240045962 titled 'IDENTIFYING RELATIONSHIPS IN DATA'.

Simplified Explanation

The abstract describes a computer-implemented method for clustering computer systems to identify systems that are experiencing a common security occurrence. The method involves receiving data records from each computer system, generating vector embeddings for each data field in each record, evaluating the distance of each vector embedding from a reference vector to measure semantic distance, identifying similar data records based on the similarity of vector embeddings, and defining clusters of computer systems associated with the similar data records to apply protective measures.

  • The method clusters computer systems based on their data records to identify systems experiencing a common security occurrence.
  • Data records from each computer system are received and analyzed.
  • Vector embeddings are generated for each data field in each record.
  • The distance of each vector embedding from a reference vector is evaluated to measure semantic distance.
  • Similar data records are identified based on the similarity of vector embeddings.
  • Clusters of computer systems are defined based on the similar data records.
  • Protective measures can then be applied to the computer systems in each cluster.
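The steps listed above can be sketched end to end as follows. This is an added example, not code from the patent application or from this page. It assumes a bag-of-tokens vector as a stand-in for a learned embedding, cosine distance, a constructed reference text, a per-field tolerance of 0.1, and connected components as the clustering rule; the abstract specifies none of these.

```python
import math
import re
from collections import Counter

# Assumed reference text; the abstract does not say how the reference vector is chosen.
REFERENCE = "failed password for invalid user root from ssh"
TOLERANCE = 0.1  # assumed: largest per-field distance gap that still counts as similar

def embed(field):
    """Stand-in embedding: sparse bag-of-tokens vector (a learned model would go here)."""
    return Counter(re.findall(r"[a-z0-9]+", field.lower()))

def distance(vec, ref):
    """Cosine distance from the reference; a vector with no tokens counts as 1.0."""
    dot = sum(n * ref[tok] for tok, n in vec.items())
    norm = math.sqrt(sum(n * n for n in vec.values()) * sum(n * n for n in ref.values()))
    return 1.0 - dot / norm if norm else 1.0

def profile(record):
    """One distance per data field, in field order."""
    return [distance(embed(f), embed(REFERENCE)) for f in record]

def similar(p, q, tol=TOLERANCE):
    """Two records are similar when every field's distance agrees within tol."""
    return len(p) == len(q) and all(abs(a - b) <= tol for a, b in zip(p, q))

def cluster_systems(records_by_system, tol=TOLERANCE):
    """Group systems linked by at least one pair of similar records (connected components)."""
    profiles = {s: [profile(r) for r in recs] for s, recs in records_by_system.items()}
    systems, parent = sorted(profiles), {s: s for s in profiles}
    def find(s):
        return s if parent[s] == s else find(parent[s])
    for i, a in enumerate(systems):
        for b in systems[i + 1:]:
            if any(similar(p, q, tol) for p in profiles[a] for q in profiles[b]):
                parent[find(b)] = find(a)
    groups = {}
    for s in systems:
        groups.setdefault(find(s), []).append(s)
    return sorted(groups.values())

# Constructed sample records: (process, message, account) for one event per host.
SAMPLE = {
    "host-a": [("sshd", "Failed password", "root")],
    "host-b": [("SSHD", "failed-password", "ROOT")],
    "host-c": [("nginx", "GET /index.html 200", "www-data")],
}

print(cluster_systems(SAMPLE))  # [['host-a', 'host-b'], ['host-c']]
```

Because each field is reduced to a single distance, records that are equally far from the reference are indistinguishable: in this sketch any host whose fields share no token with the reference text lands in the same cluster as host-c, so the choice of reference decides what the clusters can separate.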

Potential applications of this technology:

  • Cybersecurity: This method can be used to identify and respond to security incidents or attacks affecting multiple computer systems.
  • Network monitoring: It can help in monitoring and detecting abnormal behavior or patterns across a network of computer systems.
  • Incident response: The clustering of computer systems can aid in coordinating incident response efforts and applying protective measures efficiently.

Problems solved by this technology:

  • Identifying common security occurrences: The method helps in identifying computer systems that are experiencing the same security event or occurrence.
  • Efficient response: By clustering the affected systems, protective measures can be applied more efficiently, reducing the impact of security incidents.
  • Pattern recognition: The method utilizes vector embeddings and semantic distance evaluation to identify similar data records, enabling the detection of patterns and anomalies.

Benefits of this technology:

  • Enhanced security: By identifying and clustering systems experiencing a common security occurrence, protective measures can be applied promptly, reducing the potential damage.
  • Efficient resource allocation: Clustering allows for the efficient allocation of resources for incident response, focusing efforts on the affected systems.
  • Improved incident response coordination: The method facilitates better coordination and collaboration among teams involved in incident response, leading to faster resolution of security incidents.


Original Abstract Submitted

A computer implemented method of clustering computer systems in a plurality of systems to identify computer systems being subject to a common security occurrence, each computer system generating data records corresponding to security events in respect the systems, the method comprising: receiving a set of one or more data records associated with each computer system, each record including a sequence of data fields; generate a vector embedding for each data field in each record; evaluate a distance of each vector embedding from a reference vector as an indicator of semantic distance; identifying similar data records based on a measure of a degree of similarity of the distances of vector embeddings for each record; defining a cluster of computer systems including computer systems associated with the similar data records for applying protective measures to the computer systems in the cluster.