INTERNATIONAL BUSINESS MACHINES CORPORATION (20240378285). TRAINING AND DEPLOYING MODELS TO PREDICT CYBERSECURITY EVENTS simplified abstract

From WikiPatents
Revision as of 06:40, 21 November 2024 by Wikipatents (Creating a new page)

TRAINING AND DEPLOYING MODELS TO PREDICT CYBERSECURITY EVENTS

Organization Name

INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor(s)

Shiau Hong Lim of Singapore (SG)

Laura Wynter of Singapore (SG)

TRAINING AND DEPLOYING MODELS TO PREDICT CYBERSECURITY EVENTS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240378285 titled 'TRAINING AND DEPLOYING MODELS TO PREDICT CYBERSECURITY EVENTS'.

The abstract of this patent application describes a computer-implemented method that involves collecting historical event log data from host devices, training models to convert textual log events into event embedding vectors, and classifying abnormal or potentially malicious behavior using a hierarchical temporal event transformer model.

  • The method collects historical event log data and converts textual log events into event embedding vectors.
  • It trains a model to classify abnormal or potentially malicious behavior using a hierarchical temporal event transformer model.
  • The trained models are deployed to predict the likelihood of a malicious cybersecurity event occurring within a predetermined period of time.

Potential Applications:

  • Cybersecurity threat detection
  • Anomaly detection in network security
  • Predictive maintenance in IT systems

Problems Solved:

  • Identifying abnormal or potentially malicious behavior in event log data
  • Improving cybersecurity threat detection accuracy
  • Enhancing proactive cybersecurity measures

Benefits:

  • Early detection of cybersecurity threats
  • Improved response time to potential security breaches
  • Enhanced overall cybersecurity posture

Commercial Applications:

Title: "Advanced Cybersecurity Threat Detection System"

This technology can be utilized by cybersecurity firms, IT departments, and organizations with sensitive data to enhance their threat detection capabilities and protect against cyber attacks. The market implications include increased demand for advanced cybersecurity solutions and services.

Prior Art: Researchers can explore prior art related to event log analysis, anomaly detection in cybersecurity, and machine learning models for threat detection to understand the existing technologies in this field.

Frequently Updated Research: Researchers in the field of cybersecurity and machine learning may be conducting studies on improving anomaly detection algorithms, enhancing event log analysis techniques, and optimizing predictive models for cybersecurity threat detection.

Questions about the Technology:

  1. How does the hierarchical temporal event transformer model improve cybersecurity threat detection?
  2. What are the key differences between this method and traditional anomaly detection approaches?


Original Abstract Submitted

A computer-implemented method, according to one approach, includes collecting historical event log data from host devices and training a first model to convert textual log events of the historical event log data into event embedding vectors. The method further includes training a second model to classify whether at least some of the event embedding vectors represent abnormal or potentially malicious behavior. The second model is a hierarchical temporal event transformer model. The method further includes deploying the trained first model and the trained second model to predict a likelihood of a malicious cybersecurity event occurring within a first predetermined period of time from a current time. A computer program product, according to another approach, includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and/or executable by a computer to cause the computer to perform the foregoing method.