US 12,177,236 B2
Methods and systems for analyzing cybersecurity threats
Richard Edwin Heimann, Washington, DC (US); Jonathan Lee Ticknor, Brambleton, VA (US); Amanda Lynn Traud, Arlington, VA (US); Marshall Thomas Vandegrift, Atlanta, GA (US); Kaska Adoteye, Arlington, VA (US); Jesse Pruitt Jeter, Arlington, VA (US); and Michael Toru Czerny, Alexandria, VA (US)
Assigned to CYBRAICS, INC., Fort Lauderdale, FL (US)
Filed by CYBRAICS, INC., Fort Lauderdale, FL (US)
Filed on Apr. 29, 2020, as Appl. No. 16/861,636.
Application 16/861,636 is a continuation of application No. 15/411,460, filed on Jan. 20, 2017, granted, now 10,685,293.
Prior Publication US 2020/0258004 A1, Aug. 13, 2020
Int. Cl. H04L 9/40 (2022.01); G06N 20/00 (2019.01)
CPC H04L 63/1425 (2013.01) [G06N 20/00 (2019.01)]
20 Claims
 
1. A method of analyzing cybersecurity threats comprising:
performing processing associated with receiving, with an analysis module of a processor, log data from at least one network node;
performing processing associated with identifying with the analysis module, using Community, scalable Ghost1 and scalable Ghost2, at least one statistical outlier within the log data, wherein Ghost1 and Ghost2 comprise a process that use unsupervised learning to identify outliers comprising a feature generation process which extracts features from raw data and/or an outlier detection piece which uses extracted features, and wherein the identifying comprising:
performing processing associated with determining, with the analysis module, that the at least one statistical outlier represents a cybersecurity threat by applying at least one machine learning algorithm to the at least one statistical outlier, wherein the at least one statistical outlier is driven by an unsupervised score engine that uses network-based behavioral analytics to score observations and produce score events, wherein the at least one statistical outlier is standardized to facilitate automation.