US 11,941,054 B2
Iterative constraint solving in abstract graph matching for cyber incident reasoning
Xiaokui Shu, Ossining, NY (US); Douglas L. Schales, Ardsley, NY (US); Marc Philippe Stoecklin, White Plains, NY (US); and Frederico Araujo, White Plains, NY (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Oct. 12, 2018, as Appl. No. 16/158,863.
Prior Publication US 2020/0120109 A1, Apr. 16, 2020
Int. Cl. G06F 18/22 (2023.01); G06F 16/901 (2019.01); H04L 9/40 (2022.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC G06F 16/9024 (2019.01) [G06F 18/22 (2023.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01)]
21 Claims
1. A method for storage-efficient graph pattern matching, comprising:
providing a graph pattern that comprises a set of elements with constraints and connections among them;
deriving, as a supplemental data structure distinct from the graph pattern, a graph of constraint relations in the graph pattern;
providing an activity graph representing activity data captured in association with one of: a process, a host machine, and a network of machines; and
responsive to a query, finding one or more subgraphs of the activity graph that satisfy the graph pattern by iteratively solving constraints in the graph pattern one at a time, wherein after at least one iteration that solves a constraint is completed and before a next constraint is solved, a result is propagated using a graph traversal of the graph of constraint relations.
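
The following sketch illustrates the kind of procedure claim 1 recites. It is an added example, not code from the patent or from its assignee. The activity graph, the pattern, and the function names are constructed for illustration, and keeping one candidate set per pattern element is a simplifying assumption.

```python
from collections import deque

# Constructed activity graph: entity attributes and labelled event edges.
NODES = {"p1": {"type": "process"}, "p2": {"type": "process"},
         "p3": {"type": "process"}, "f1": {"path": "/etc/passwd"},
         "f2": {"path": "/tmp/out"}, "s1": {"type": "socket"},
         "s2": {"type": "socket"}}
EDGES = {("p1", "fork", "p2"), ("p1", "fork", "p3"), ("p2", "read", "f1"),
         ("p3", "read", "f2"), ("p2", "connect", "s1"), ("p3", "connect", "s2")}

# Graph pattern: "edge" constrains two elements, "attr" constrains one.
PATTERN = [("edge", "x", "connect", "s"), ("edge", "x", "read", "f"),
           ("attr", "f", {"path": "/etc/passwd"}),
           ("attr", "x", {"type": "process"})]

def variables(c):
    return (c[1],) if c[0] == "attr" else (c[1], c[3])

def constraint_graph(pattern):
    """Supplemental structure: constraints are nodes, linked when they share an element."""
    return {i: [j for j, d in enumerate(pattern)
                if j != i and set(variables(c)) & set(variables(d))]
            for i, c in enumerate(pattern)}

def solve(c, cand):
    """Narrow candidate sets with one constraint; return True if any set shrank."""
    before = {v: set(cand[v]) for v in variables(c)}
    if c[0] == "attr":
        cand[c[1]] = {n for n in cand[c[1]]
                      if all(NODES[n].get(k) == val for k, val in c[2].items())}
    else:
        _, a, label, b = c
        pairs = {(s, t) for s, lab, t in EDGES
                 if lab == label and s in cand[a] and t in cand[b]}
        cand[a], cand[b] = {s for s, _ in pairs}, {t for _, t in pairs}
    return any(before[v] != cand[v] for v in variables(c))

def match(pattern):
    rel = constraint_graph(pattern)
    cand = {v: set(NODES) for c in pattern for v in variables(c)}
    for i, c in enumerate(pattern):            # one constraint per iteration
        solve(c, cand)
        queue = deque(j for j in rel[i] if j < i)
        while queue:                           # propagate before the next constraint
            j = queue.popleft()
            if solve(pattern[j], cand):        # revisit solved neighbours that changed
                queue.extend(k for k in rel[j] if k <= i)
    return cand
```

In this constructed data, solving the `path` constraint on `f` narrows `x` to `p2` through the `read` constraint, and the traversal then narrows `s` to `s1` through the `connect` constraint without re-reading the whole activity graph.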