AUTO-DETECTION OF OBSERVABLES AND AUTO-DISPOSITION OF ALERTS IN AN ENDPOINT DETECTION AND RESPONSE (EDR) SYSTEM USING MACHINE LEARNING

WIPO Patent Application WO/2024/093872

A1

A technique for threat response associated with an endpoint detection and response (EDR) system. The system uses a combination of automated observable detection, threat intelligence enrichment, graph analysis, and supervised machine learning to machine-predict analyst behavior in classifying (as 'true' or 'false' positives) the EDR alerts, and to support either (i) automated suppression of those alerts that the system classifies with sufficient confidence as either true or false, or (ii) for those alerts than cannot be so classified, the providing of recommendations to analysts to facilitate their activities. Auto-detection of observables for graph-based feature detection, together with the automated disposition of alerts where possible greatly reduces overall analyst workload for the EDR system. Further, and even where a machine-based prediction does not have sufficient confidence to enable bypassing the analyst, the system provides the analyst with additional context and enrichment to facilitate expedited (or at least more efficient) alert handling.

BHATIA AANKUR (US)
BASU ABHISHEK (IN)
ARBOS LUIZ MARCEL (PL)
LIGGETT TERRY (US)
PROCTOR KYLE (US)

PCT/CN2023/127565

May 10, 2024

October 30, 2023

Click for automatic bibliography generation  

IBM (US)
IBM CHINA CO LTD (CN)

G06F11/22; G06N20/00

US20180367561A1	2018-12-20
US20220210168A1	2022-06-30
US11290483B1	2022-03-29
US20070209074A1	2007-09-06
US20200358792A1	2020-11-12

ZHONGZI LAW OFFICE (CN)

View/Download PDF      PDF Help

Previous Patent: KEYPRESS EVENT MONITORING METHOD AND SYSTEM, AND ELECTRONIC DEVICE

Next Patent: MICRO LED CHIP, DISPLAY MODULE, AND ELECTRONIC DEVICE