CPC H04L 63/1425 (2013.01) [G06N 3/049 (2013.01); G06N 7/01 (2023.01); G06N 20/00 (2019.01); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01)]
19 Claims
11. A cyber threat defense method comprising:
ingesting network data associated with network structures, network devices and network users;
evaluating the network data with a first of one or more machine learning models, identifying metrics associated with the network data, and outputting at least a first score indicative of whether anomalous network data metrics are caused by a cyber threat;
receiving output scores from each of the one or more machine learning models;
determining a probability that a cybersecurity breach has occurred; and
transmitting a message to an autonomous response module based on the determined probability of a cybersecurity breach,
wherein the evaluating of the network data with the first machine learning model of the one or more machine learning models comprises calculating a probability distribution for the network data metrics, wherein the network data metrics are associated with at least a time and location of a network event, and the score determined by the first machine learning model and output is based on a comparison between the probability distribution and the network data metrics.