US 11,991,191 B2
Detecting a missing security alert using a machine learning model
Roy Levin, Haifa (IL); and Mathias A. M. Scherman, Tel Aviv (IL)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on May 12, 2022, as Appl. No. 17/742,688.
Application 17/742,688 is a continuation of application No. 16/368,704, filed on Mar. 28, 2019, granted, now 11,363,036.
Prior Publication US 2022/0272112 A1, Aug. 25, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1466 (2013.01)]
20 Claims
1. A system comprising:
at least one processor circuit; and
at least one memory that stores instructions to be executed by the at least one processor circuit, the instructions configured to perform operations that comprise:
applying a received alert sequence to a security incident model generated based on historical alerts;
receiving an indication from the security incident model that the received alert sequence corresponds to a security incident defined by a predetermined sequence of alerts that includes an alert missing from the received alert sequence, the alert missing from the received alert sequence comprising an undetected event relating to an attack on a resource, the security incident model implementing at least one of a vector space learning algorithm, a decision tree algorithm, or a neural network learning algorithm; and
generating a notification to a network security provider that indicates the alert missing from the received alert sequence.
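
The three operations of claim 1, sketched as an added illustration using the vector space option; this is not code from the patent or from Microsoft. The incident templates, alert names, the 0.8 threshold and the function names are constructed assumptions, and the hard-coded templates stand in for a model that would be generated from historical alerts.

```python
import math
from collections import Counter

# Constructed stand-in for a model built from historical alerts:
# incident name -> predetermined sequence of alert types.
INCIDENTS = {
    "credential_theft": ["brute_force", "suspicious_login",
                         "privilege_escalation", "data_exfiltration"],
    "cryptominer": ["malicious_download", "suspicious_process",
                    "outbound_mining_pool"],
}

def cosine(a, b):
    """Cosine similarity between two sparse alert-count vectors."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = (math.sqrt(sum(v * v for v in a.values()))
            * math.sqrt(sum(v * v for v in b.values())))
    return dot / norm if norm else 0.0

def find_missing_alerts(received, incidents=INCIDENTS, threshold=0.8):
    """Apply a received alert sequence to the model.

    Returns (incident, missing_alerts, score) for the closest incident
    that the sequence resembles but does not fully contain, else None.
    """
    received_vec = Counter(received)
    best = None
    for name, template in incidents.items():
        score = cosine(received_vec, Counter(template))
        # Alerts the incident definition expects but that never fired.
        missing = [a for a in template if a not in received_vec]
        if score >= threshold and missing:
            if best is None or score > best[2]:
                best = (name, missing, score)
    return best

def build_notification(received):
    """Format the message a security provider would receive, or None."""
    hit = find_missing_alerts(received)
    if hit is None:
        return None
    name, missing, score = hit
    return (f"Alert sequence matches incident '{name}' "
            f"(similarity {score:.2f}); missing alert(s): {', '.join(missing)}")

if __name__ == "__main__":
    # Constructed input: the privilege escalation step raised no alert.
    print(build_notification(
        ["brute_force", "suspicious_login", "data_exfiltration"]))
```

A complete sequence or a weak partial match produces no notification, so the threshold controls how much of an incident must be observed before a gap is reported.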