| CPC G06F 16/9024 (2019.01) [G06F 16/24568 (2019.01); G06F 16/285 (2019.01); H04L 67/535 (2022.05)] | 20 Claims |
|
1. A system comprising:
a data ingester configured to:
receive, from a data source, raw or preprocessed data,
process, at a processing module, the raw or preprocessed data received from the data source,
filter, at a data filter, processed data received from the processing module,
normalize and sample, at a normalization and sampling module, filtered data received from the data filter to produce output data, and
transmit the output data to a data store;
a connectivity generator configured to generate a connectivity overlay comprising an intra-device graph and an inter-device graph;
an event access control system, configured to:
receive data from the data store, and
generate an event set, wherein the event set is based at least in part upon the data received from the data store and at least one first rule; and
a feature vector generation framework executable by one or more processors and configured for producing feature vectors associated with candidate device pairs, based at least in part upon first device activity history associated with devices of the candidate device pairs, wherein the feature vector generation framework is operable to use at least one second rule to produce a feature vector associated with at least one candidate device pair based at least in part upon (a) a second device activity history associated with a first device of the at least one candidate device pair, and (b) a third device activity history associated with a second device of the at least one candidate device pair, wherein the feature vector associated with the at least one candidate device pair comprises a first confidence result and a second confidence result, the first confidence result being used to generate the inter-device graph, and the second confidence result being used to generate the intra-device graph.
|