US 12,407,712 B2
Artificial intelligence cyber security analyst
Timothy Bazalgette, Knebworth (GB); Dickon Humphrey, Cambridge (GB); Carl Salji, Bedford (GB); and Jack Stockdale, Cambridge (GB)
Assigned to Darktrace Holdings Limited, Cambridge (GB)
Filed by Darktrace Holdings Limited, Cambridge (GB)
Filed on May 16, 2022, as Appl. No. 17/745,250.
Application 17/745,250 is a continuation of application No. 16/278,918, filed on Feb. 19, 2019, granted, now 11,336,669, issued on May 17, 2022.
Claims priority of provisional application 62/632,623, filed on Feb. 20, 2018.
Prior Publication US 2022/0353286 A1, Nov. 3, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/00 (2022.01); G06F 3/04842 (2022.01); G06F 3/0486 (2013.01); G06F 16/2455 (2019.01); G06F 18/23 (2023.01); G06F 18/232 (2023.01); G06F 21/36 (2013.01); G06F 21/55 (2013.01); G06F 40/40 (2020.01); G06N 20/00 (2019.01); G06N 20/10 (2019.01); G06V 30/10 (2022.01); H04L 9/40 (2022.01); H04L 41/22 (2022.01); H04L 43/045 (2022.01); H04L 51/212 (2022.01); H04L 51/224 (2022.01); H04L 51/42 (2022.01); G06N 20/20 (2019.01)
CPC H04L 63/1441 (2013.01) [G06F 3/04842 (2013.01); G06F 3/0486 (2013.01); G06F 16/2455 (2019.01); G06F 18/23 (2023.01); G06F 18/232 (2023.01); G06F 21/36 (2013.01); G06F 21/554 (2013.01); G06F 21/556 (2013.01); G06F 40/40 (2020.01); G06N 20/00 (2019.01); G06N 20/10 (2019.01); G06V 30/10 (2022.01); H04L 41/22 (2013.01); H04L 43/045 (2013.01); H04L 51/212 (2022.05); H04L 51/224 (2022.05); H04L 51/42 (2022.05); H04L 63/0209 (2013.01); H04L 63/0428 (2013.01); H04L 63/101 (2013.01); H04L 63/14 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1483 (2013.01); H04L 63/20 (2013.01); G06N 20/20 (2019.01)]
20 Claims
1. A method for tackling investigations into specific real and synthesized cyber threats, comprising:
configuring an Artificial Intelligence (AI)-based cyber-security analyst operating with a human cyber security analyst who may be facing an unidentified cyber threat for a first time;
configuring the AI-based cyber-security analyst to conduct an initial analysis and provide results of the initial analysis to supplement an investigation of a potential cyber security threat by the human cyber security analyst;
configuring an analyzer module in the AI-based cyber-security analyst to use one or more AI models that are initially trained through machine-learning on behaviors or suspicious activities provided from multiple data sources to assign a probability of the potential cyber security threat, including simulations, database records, and actual monitoring of different human exemplar cases, where the one or more AI models are trained to learn how the expert human cyber security analysts tackle investigations into specific real and synthesized cyber threats;
configuring the AI-based cyber-security analyst to form one or more hypotheses on what are possible cyber security threats which could be caused by analyzed abnormal behavior or suspicious activity, and then to find evidence data to support or refute each possible hypothesis;
extracting data by a gatherer module on each of the possible cyber security threats;
filtering the extracted data by the gatherer module to produce relevant data that either supports or refutes each of the one or more hypotheses;
configuring the analyzer module to rank, based on the relevant data, supported candidate cyber threat hypotheses by a likelihood that this candidate cyber threat hypothesis is supported, using a confidence schema to sequentially test indicators associated with each hypothesis; and
configuring a formatting module to format, present a rank for, and output the supported cyber threat hypotheses from the analyzer module into a formalized report, from a first template, that is outputted for a human user's consumption in a medium of any of 1) printable report, 2) presented digitally on a user interface, 3) in a machine readable format for further use in machine-learning reinforcement and refinement, or 4) any combination of the three.