US 12,069,073 B2
Cyber threat defense system and method
Dickon Murray Humphrey, Cambridge (GB); Timothy Owen Bazalgette, Knebworth (GB); and Andres Curto Martin, Cambridge (GB)
Assigned to Darktrace Holdings Limited, Cambridge (GB)
Filed by Darktrace Holdings Limited, Cambridge (GB)
Filed on Feb. 26, 2021, as Appl. No. 17/187,383.
Claims priority of provisional application 62/983,307, filed on Feb. 28, 2020.
Prior Publication US 2021/0273960 A1, Sep. 2, 2021
Int. Cl. H04L 9/40 (2022.01); G06N 3/049 (2023.01); G06N 7/01 (2023.01); G06N 20/00 (2019.01)
CPC H04L 63/1425 (2013.01) [G06N 3/049 (2013.01); G06N 7/01 (2023.01); G06N 20/00 (2019.01); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01)]
19 Claims
 
11. A cyber threat defense method comprising:
ingesting network data associated with network structures, network devices and network users;
evaluating the network data with a first of one or more machine learning models, identifying metrics associated with the network data, and outputting at least a first score indicative of whether anomalous network data metrics are caused by a cyber threat;
receiving output scores from each of the one or more machine learning models;
determining a probability that a cybersecurity breach has occurred; and
transmitting a message to an autonomous response module based on the determined probability of a cybersecurity breach,
wherein the evaluating of the network data with the first machine learning model of the one or more machine learning models comprises calculating a probability distribution for the network data metrics, wherein the network data metrics are associated with at least a time and location of a network event, and the score determined by the first machine learning model and output is based on a comparison between the probability distribution and the network data metrics.