18112225. ADDRESSING STRUCTURED FALSE POSITIVES DURING ASSET ANOMALY DETECTION simplified abstract (International Business Machines Corporation)

From WikiPatents

ADDRESSING STRUCTURED FALSE POSITIVES DURING ASSET ANOMALY DETECTION

Organization Name

International Business Machines Corporation

Inventor(s)

Bo-Yu Kuo of Kaohsiung (TW)

Yu-Jin Chen of New Taipei City (TW)

Yu-Chi Tang of New Taipei City (TW)

Shih Hsuan Lee of Zhuangwei (TW)

ADDRESSING STRUCTURED FALSE POSITIVES DURING ASSET ANOMALY DETECTION - A simplified explanation of the abstract

This abstract first appeared for US patent application 18112225, titled 'ADDRESSING STRUCTURED FALSE POSITIVES DURING ASSET ANOMALY DETECTION'.

The patent application describes techniques for addressing structured false positives in detecting asset anomalies in a computing environment.

  • Applying an anomaly detection machine learning model to assets to determine anomaly assets based on anomaly risk scores.
  • Calculating structured false positive scores for anomaly assets during a current time window.
  • Retraining the machine learning model if a threshold number of anomaly assets have structured false positive scores exceeding a structured false positive threshold.

Potential Applications:

  • Cybersecurity systems
  • Fraud detection systems
  • Network monitoring tools

Problems Solved:

  • Reducing false positives in anomaly detection
  • Improving accuracy of asset anomaly identification

Benefits:

  • Enhanced security measures
  • Increased efficiency in anomaly detection
  • Minimized impact of false alarms

Commercial Applications:

Title: "Enhancing Anomaly Detection in Cybersecurity Systems"

This technology can be utilized in cybersecurity software to improve the accuracy of anomaly detection, reducing the risk of false positives and enhancing overall security measures in various industries.

Prior Art: Researchers have explored similar methods of addressing false positives in anomaly detection systems, such as adjusting threshold values and retraining machine learning models based on structured false positive scores.

Frequently Updated Research: Stay updated on advancements in anomaly detection techniques, machine learning models, and cybersecurity systems to enhance the effectiveness of this technology.

Questions about Asset Anomaly Detection:

  1. How does this technology improve the accuracy of anomaly detection in computing environments?
  2. What are the key factors considered in calculating structured false positive scores for anomaly assets?


Original Abstract Submitted

Techniques are described with regard to addressing structured false positives in the context of detecting asset anomalies in a computing environment. An associated computer-implemented method includes applying an anomaly detection machine learning model to each of a plurality of assets in order to determine a plurality of anomaly assets among the plurality of assets. The plurality of anomaly assets are determined based upon a model anomaly risk score calculated for each of the plurality of assets consequent to asset event data analysis. The method further includes calculating a structured false positive score for each of the plurality of anomaly assets during a current structured false positive time window. The method further includes retraining the anomaly detection machine learning model responsive to determining that a threshold value of anomaly assets among the plurality of anomaly assets have a structured false positive score exceeding a structured false positive threshold value.