| CPC H04L 63/205 (2013.01) [G06N 3/08 (2013.01); H04L 63/10 (2013.01); H04L 63/1425 (2013.01)] | 20 Claims |
|
2. A method for using cyber security incident and system data to generate recommendations for computer security policy modifications comprising:
obtaining a first computer security policy comprising an indication of a plurality of systems that a first computing system has access to, and a plurality of permissions granted to the first computing system;
generating a graph embedding of the first computer security policy by using the first computer security policy to create a graph structure and generating the graph embedding based on the graph structure;
inputting the graph embedding of the first computer security policy into a machine learning model, the machine learning model having been trained on a dataset that includes representations of computer security policies associated with a plurality of computing systems and labels indicating urgency levels of cyber security incidents associated with the computer security policies, wherein the dataset further comprises second order access data indicating access of computing systems that are one degree removed from the plurality of computing systems;
generating, via the machine learning model and based on inputting the graph embedding of the first computer security policy into the machine learning model, an output indicating a likelihood that the first computing system will be involved in a cyber security incident;
based on the output satisfying a first threshold, generating a recommendation to remove a first permission from the first computer security policy; and
sending the recommendation to a user device.
|