Siemens Aktiengesellschaft (20240275798). METHOD AND SYSTEM FOR AUTOMATED ANALYSIS OF INDUSTRIAL CYBERSECURITY EVENTS simplified abstract
METHOD AND SYSTEM FOR AUTOMATED ANALYSIS OF INDUSTRIAL CYBERSECURITY EVENTS
Organization Name
Inventor(s)
Josep Soler Garrido of Sevilla (ES)
Jan Kissling of Graben-Neudorf (DE)
METHOD AND SYSTEM FOR AUTOMATED ANALYSIS OF INDUSTRIAL CYBERSECURITY EVENTS - A simplified explanation of the abstract
This abstract first appeared for US patent application 20240275798 titled 'METHOD AND SYSTEM FOR AUTOMATED ANALYSIS OF INDUSTRIAL CYBERSECURITY EVENTS'.
Simplified Explanation
The patent application describes a system that uses a knowledge graph to analyze cybersecurity events in industrial systems. It generates priority scores for entities and events to prioritize alerts from security tools.
- The system produces observed triple statements from events received from a security tool.
- A link-prediction component estimates a probability score for each observed triple statement by link prediction in a knowledge graph.
- A scoring component computes priority scores for entities and events based on the probability scores.
- Priority scores help prioritize alerts from security tools in an unsupervised manner.
- The system does not directly predict maliciousness but uses priority scores to evaluate and prioritize system observations.
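The three components described above can be sketched as follows. This is an added example, not code from the patent application or from Siemens. It assumes a smoothed frequency estimate as a stand-in for the learned link-prediction model, priority = 1 - probability for events, and the maximum event priority per entity; the host names, event fields and baseline triples are constructed.

```python
from collections import Counter, defaultdict

# Constructed baseline: triples seen during normal operation (assumed data).
BASELINE = [
    ("hmi-01", "reads_from", "plc-01"), ("hmi-01", "reads_from", "plc-01"),
    ("hmi-01", "reads_from", "plc-02"), ("eng-ws", "writes_to", "plc-01"),
    ("eng-ws", "reads_from", "plc-01"), ("historian", "reads_from", "plc-01"),
    ("historian", "reads_from", "plc-02"),
]

def event_to_triple(event):
    """Mapping component: security-tool event -> (subject, predicate, object)."""
    return (event["src"], event["action"], event["dst"])

class FrequencyLinkPredictor:
    """Stand-in for the link-prediction component (assumption): estimates
    P(object | subject, predicate) with additive smoothing over the baseline."""
    def __init__(self, triples, alpha=0.1):
        self.alpha = alpha
        self.triple_counts = Counter(triples)
        self.pair_counts = Counter((s, p) for s, p, _ in triples)
        entities = {e for s, _, o in triples for e in (s, o)}
        self.vocab = len(entities) + 1  # one extra slot for unseen entities

    def probability(self, triple):
        s, p, _ = triple
        num = self.triple_counts[triple] + self.alpha
        return num / (self.pair_counts[(s, p)] + self.alpha * self.vocab)

def prioritize(events, predictor):
    """Scoring component: unlikely triples get high priority (assumed formula).
    Returns events ranked by priority and the max priority per entity."""
    ranked, entity_priority = [], defaultdict(float)
    for ev in events:
        triple = event_to_triple(ev)
        priority = 1.0 - predictor.probability(triple)
        ranked.append((priority, ev["id"], triple))
        for entity in (triple[0], triple[2]):
            entity_priority[entity] = max(entity_priority[entity], priority)
    ranked.sort(key=lambda item: -item[0])
    return ranked, dict(entity_priority)

# Constructed events, as a security tool might report them.
EVENTS = [
    {"id": "e1", "src": "hmi-01", "action": "reads_from", "dst": "plc-01"},
    {"id": "e2", "src": "historian", "action": "writes_to", "dst": "plc-02"},
    {"id": "e3", "src": "eng-ws", "action": "writes_to", "dst": "plc-01"},
]

if __name__ == "__main__":
    ranked, entities = prioritize(EVENTS, FrequencyLinkPredictor(BASELINE))
    for priority, event_id, triple in ranked:
        print(f"{event_id} {priority:.3f} {triple}")
```

No label of maliciousness is used anywhere: the historian writing to a PLC ranks first only because that link is improbable given the baseline graph.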
Key Features and Innovation
- Utilizes a knowledge graph for analyzing cybersecurity events in industrial systems.
- Generates priority scores for entities and events to prioritize alerts.
- Works in an unsupervised manner without directly predicting maliciousness.
- Enhances cybersecurity monitoring and alert prioritization.
Potential Applications
- Industrial cybersecurity monitoring and alert prioritization.
- Automated analysis of cybersecurity events in complex systems.
- Enhancing security tool effectiveness in industrial environments.
Problems Solved
- Prioritizing alerts from security tools in industrial systems.
- Efficiently analyzing and evaluating cybersecurity events.
- Enhancing overall cybersecurity monitoring in industrial settings.
Benefits
- Improved alert prioritization for better incident response.
- Enhanced cybersecurity monitoring and analysis.
- Efficient utilization of knowledge graph technology for industrial cybersecurity.
Commercial Applications
Industrial Cybersecurity Alert Prioritization System: Enhancing Incident Response and Monitoring Efficiency
Prior Art
Further research can be conducted in the field of knowledge graph-based cybersecurity event analysis to explore existing technologies and approaches.
Frequently Updated Research
Stay updated on advancements in knowledge graph technology for cybersecurity event analysis to enhance the system's capabilities.
Questions about Industrial Cybersecurity Alert Prioritization System
How does the system prioritize alerts from security tools in industrial systems?
The system uses priority scores computed for entities and events based on probability scores to prioritize alerts effectively.
What are the key benefits of utilizing a knowledge graph for cybersecurity event analysis in industrial systems?
The use of a knowledge graph enhances the system's ability to analyze and evaluate cybersecurity events accurately, leading to improved incident response and monitoring efficiency.
Original Abstract Submitted
A first mapping component produces observed triple statements from events received from a security tool monitoring an industrial system. A link-prediction component estimates a probability score for each observed triple statement by link prediction in a knowledge graph. A scoring component computes priority score for an entity of the industrial system contained in the knowledge graph and/or events based on the probability scores. Priority scores can be computed for some or all possible events in the industrial system as a reference to prioritize alerts coming from the security tools. The system works in an unsupervised manner. In fact, the system does not directly try to infer (predict) maliciousness in entities or events on the knowledge graph. Instead, priority scores are used during operation to evaluate actual system observations and prioritize them. Therefore, a knowledge graph-based recommendation system for automated analysis of industrial cybersecurity events is provided.