Abstract: Techniques for building and maintaining cyber security threat detection models are described. The techniques include data selection, algorithm selection, risk score algorithm selection, model outcome selection, and model automation. During data selection, data is received from various sources and in various formats. The data is then tokenized into vector form and compared to preexisting vectors. If the vectors are equal, the tokenized vector is saved in the database. If the vectors are not equal, a new vector, in key-value pair format, is formed. Algorithms can then be selected to detect anomalies within the data and assign a risk score to the data. Subsequently, a matrix is formed with the vector, selected algorithm, and parameters of the data that were analyzed. The matrix is then stored for application with future data based on a predetermined rule. The output can be modeled in various user-friendly methods.
Abstract: A computer-implemented method for anomaly detection based on deep learning includes acquiring a plurality of records, each record having a corresponding number of attributes; identifying outliers in the plurality of records using labels generated from processing the plurality of records through an ensemble of different deep learning models, wherein an output of at least one model is used as an input to at least one other model; and detecting anomalies in the plurality of records using a probabilistic classifier based on the plurality of records and the labels.
Abstract: A technique includes acquiring a plurality of records, each record having a corresponding number of attributes, and determining, based on local density measurements for numeric attributes and a normally distributed attribute value frequency measure for categorical attributes, tags in the training portion of the plurality of records, which is then used in a probabilistic classifier for anomaly detection. A second set of implementations is proposed using an ensemble method of combining deep learning algorithms for the same.
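The first technique in the abstract above, as an added sketch that is not code from the patent: rows are tagged using a k-nearest-neighbour density on the numeric attributes and attribute value frequency (AVF) on the categorical ones, and the tags then train a naive Bayes classifier. The records, the median-ratio threshold, the OR combination of the two measures, the choice of naive Bayes and all function names are assumptions; the numeric columns are left unscaled for brevity.

```python
import math
from collections import Counter
from statistics import mean, median, pstdev

# Constructed records, assumed schema: (bytes_out_kb, login_hour, protocol, role)
TRAIN = [
    (12.0, 9, "https", "user"), (14.5, 10, "https", "user"),
    (11.2, 11, "ssh", "admin"), (13.1, 14, "ssh", "admin"),
    (12.7, 15, "https", "user"), (15.0, 16, "https", "admin"),
    (13.9, 13, "ssh", "admin"), (12.2, 10, "https", "user"),
    (950.0, 3, "ftp", "service"), (870.0, 2, "ftp", "admin"),
]

def density(i, rows, k=3):
    """Inverse mean distance from row i to its k nearest numeric neighbours."""
    d = sorted(math.dist(rows[i][:2], r[:2]) for j, r in enumerate(rows) if j != i)
    return 1.0 / (mean(d[:k]) + 1e-9)

def tag(rows, ratio=0.5):
    """Tag 1 (outlier) when density or AVF (mean value frequency) < ratio * median."""
    n = len(rows)
    counts = [Counter(r[2 + c] for r in rows) for c in range(2)]
    dens = [density(i, rows) for i in range(n)]
    avfs = [mean(counts[c][v] / n for c, v in enumerate(r[2:])) for r in rows]
    return [int(d < ratio * median(dens) or a < ratio * median(avfs))
            for d, a in zip(dens, avfs)]

def fit(rows, tags):
    """Naive Bayes per tag: Gaussian numeric attributes, counted categorical ones."""
    model = {}
    for y in set(tags):
        part = [r for r, t in zip(rows, tags) if t == y]
        gauss = [(mean(c), max(pstdev(c), 1.0)) for c in zip(*(r[:2] for r in part))]
        cats = [Counter(r[2 + c] for r in part) for c in range(2)]
        model[y] = (len(part) / len(rows), gauss, cats, len(part))
    return model

def p_anomaly(model, row, vocab=3):
    """Posterior of tag 1; Gaussian constants cancel, categories Laplace-smoothed."""
    logp = {}
    for y, (prior, gauss, cats, n) in model.items():
        lp = math.log(prior)
        for x, (mu, sd) in zip(row[:2], gauss):
            lp += -math.log(sd) - 0.5 * ((x - mu) / sd) ** 2
        for c, v in enumerate(row[2:]):
            lp += math.log((cats[c][v] + 1) / (n + vocab))
        logp[y] = lp
    m = max(logp.values())
    w = {y: math.exp(v - m) for y, v in logp.items()}
    return w.get(1, 0.0) / sum(w.values())
```

In the constructed data the ftp/service row is caught by both measures, while the ftp/admin row has unremarkable categorical values and is tagged by numeric density alone.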