US 11,057,402 B2
Parallelism and n-tiering of knowledge inference and statistical correlation system
Albert Keng Leng Lim, Certis CISCO Centre (SG)
Assigned to Certis CISCO Security Pte Ltd, Certis CISCO Centre (SG)
Appl. No. 16/98,826
Filed by Certis CISCO Security Pte Ltd, Certis CISCO Centre (SG)
PCT Filed May 4, 2016, PCT No. PCT/SG2016/050206
§ 371(c)(1), (2) Date Nov. 2, 2018,
PCT Pub. No. WO2017/192099, PCT Pub. Date Nov. 9, 2017.
Prior Publication US 2019/0141060 A1, May 9, 2019
Int. Cl. H04L 29/06 (2006.01); G06F 21/50 (2013.01); H04L 29/00 (2006.01); G06N 5/04 (2006.01); G06N 7/08 (2006.01); H04L 12/24 (2006.01)
CPC H04L 63/1416 (2013.01) [G06F 21/50 (2013.01); G06N 5/04 (2013.01); G06N 7/08 (2013.01); H04L 29/00 (2013.01); H04L 41/147 (2013.01); H04L 63/1408 (2013.01); H04L 63/20 (2013.01)] 12 Claims
OG exemplary drawing
 
1. An n-tiering security threat inference and correlation apparatus for monitoring and anticipating cyber attacks, the apparatus comprising:
one or more processors; and memory communicatively coupled to the one or more processors, the memory storing computer-executable systems executable by the one or more processors, the computer-executable systems including:
a plurality of groups of inference-correlation systems, each group arranged with at least one inference system and at least one associated correlation system configured to monitor at least one network; and
an input/output (I/O) system configured to receive security events, and broadcast the received security events to the plurality of groups of inference-correlation systems;
wherein respective groups of inference-correlation systems are configured to process only the broadcasted security events relevant to respective networks to identify the cyber attacks; and
wherein the at least one inference system is arranged to perform the processing based on defined inference rules to identify high value and low value events, and the inference rules are obtained from stochastic parameters that are user-customisable according to severity attributes.
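The claimed arrangement, as an added Python sketch that is not the patent's or Certis's own code: an I/O stage broadcasts every received event to per-network inference-correlation groups, each group discards events for other networks, the inference stage applies rules built from assumed user-customisable per-event-kind probabilities weighted by a severity attribute, and the correlation stage flags a source once enough high-value events accumulate. The event fields, probability table, threshold and sample events are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class SecurityEvent:
    network: str   # monitored network that produced the event
    src: str       # source address (constructed sample values in demo())
    kind: str      # event type, e.g. "bruteforce" or "scan"
    severity: int  # assumed severity attribute, 1 (info) to 10 (critical)

class InferenceSystem:
    """Inference rules derived from user-customisable stochastic parameters:
    a per-kind probability of malice is weighted by severity to tag high/low value."""
    def __init__(self, p_malicious: dict, threshold: float):
        self.p_malicious, self.threshold = p_malicious, threshold  # assumed rule shape
    def classify(self, ev: SecurityEvent) -> str:
        return "high" if self.p_malicious.get(ev.kind, 0.1) * ev.severity >= self.threshold else "low"

class CorrelationSystem:
    """Correlates high-value events by source; fires once when min_hits is reached."""
    def __init__(self, min_hits: int):
        self.min_hits, self.hits = min_hits, defaultdict(int)
    def correlate(self, ev: SecurityEvent) -> bool:
        self.hits[ev.src] += 1
        return self.hits[ev.src] == self.min_hits

class Group:
    """One inference-correlation pair responsible for exactly one network."""
    def __init__(self, network: str, inference: InferenceSystem, correlation: CorrelationSystem):
        self.network, self.inference, self.correlation = network, inference, correlation
    def process(self, ev: SecurityEvent):
        # Only broadcast events relevant to this group's network are processed; the rest are dropped.
        if ev.network != self.network or self.inference.classify(ev) != "high":
            return None
        return f"{self.network}: suspected attack from {ev.src}" if self.correlation.correlate(ev) else None

def broadcast(groups, events):
    """The I/O system: every received event is broadcast to every group; alerts are collected."""
    return [alert for ev in events for g in groups if (alert := g.process(ev))]

def demo():
    # Constructed sample input; addresses come from RFC 5737 documentation ranges.
    rules = {"bruteforce": 0.8, "scan": 0.3}   # assumed user-customisable stochastic parameters
    groups = [Group(n, InferenceSystem(rules, threshold=5.0), CorrelationSystem(min_hits=2))
              for n in ("net-A", "net-B")]
    events = [SecurityEvent(*t) for t in [("net-A", "192.0.2.5", "bruteforce", 7),
                                          ("net-B", "198.51.100.9", "scan", 5),
                                          ("net-A", "192.0.2.5", "bruteforce", 8),
                                          ("net-A", "192.0.2.5", "bruteforce", 9)]]
    return broadcast(groups, events)
```

Running `demo()` shows that the scan on net-B stays low value, the net-B group never sees net-A traffic, and the net-A group raises a single alert on the second high-value brute-force event from the same source.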