&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
			function printpage()
			{
			window.print()
			}
			</script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11734423.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,734,423 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Apparatus and method for monitoring of data for attack detection and prevention</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Hazem Mohamed Ahmed Soliman,  Toronto (CA); and  Niranjan Mayya,  Mississauga (CA)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Arctic Wolf Networks, Inc.,  Eden Prairie, MN (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Arctic Wolf Networks, Inc.,  Eden Prairie, MN (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Oct.  27, 2022, as Appl. No. 18/50,398.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/55</b></i> (2013.01); <i><b>G06F 21/57</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/554</b></i> (2013.01)&#xa0;[<i><b>G06F 21/577</b></i> (2013.01); <i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11734423-20230822-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. An apparatus, comprising:<div class="claim_text">a memory; and</div>
                <div class="claim_text">a processor operatively coupled to the memory, the processor configured to:<div class="claim_text">receive a cybersecurity alert associated with an attribute;</div>
                  <div class="claim_text">identify, automatically in response to receiving the cybersecurity alert associated with the attribute, a bucket from a hash table and associated with the attribute;</div>
                  <div class="claim_text">update, automatically in response to identifying the bucket from the hash table, a set of cybersecurity alerts associated with the bucket to generate an updated set of cybersecurity alerts associated with the bucket, the set of cybersecurity alerts associated with the bucket not including the cybersecurity alert, the updated set of cybersecurity alerts associated with the bucket including the cybersecurity alert and the set of cybersecurity alerts;</div>
                  <div class="claim_text">identify, automatically in response to updating, a set of correlations between cybersecurity alerts included in the updated set of cybersecurity alerts associated with the bucket;</div>
                  <div class="claim_text">generate, automatically in response to identifying the set of correlations, an attack graph based on the set of correlations;</div>
                  <div class="claim_text">identify, automatically in response to generating the attack graph, a first attack subgraph from the attack graph;</div>
                  <div class="claim_text">identify, automatically in response to generating the attack graph, a second attack subgraph from the attack graph;</div>
                  <div class="claim_text">determine, automatically in response to generating the first attack subgraph, a maliciousness score associated with the first attack subgraph;</div>
                  <div class="claim_text">determine, automatically in response to generating the second attack subgraph, a maliciousness score associated with the second attack subgraph; and</div>
                  <div class="claim_text">in response to at least one of the maliciousness score associated with the first attack subgraph or the maliciousness score associated with the second attack subgraph being outside a predetermined acceptable maliciousness score range, send a signal to cause at least one remedial action at a compute device associated with a cybersecurity user.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>