SECURITY-RELATED EVENT ANOMALY DETECTION

Abstract: the technology relates to machine responses to anomalies detected using machine learning based anomaly detection. in particular, to receiving evaluations of production events, prepared using activity models constructed on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. further, to responding to detected anomalies in near real-time streams of security-related events of tenants, the anomalies detected by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. an anomaly score received for a production event is determined based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs.

Inventor(s): Jeevan Tambuluri, Ravi Ithal, Steve Malmskog, Abhay Kulkarni, Ariel Faigon, Krishna Narayanaswamy

CPC Classification: H04L63/1416 ({Event detection, e.g. attack signature detection})

Search for rejections for patent application number 20250168179