Patents by Inventor Gary I. Givental
Gary I. Givental has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240129331
Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat identified in an alert, a threat disposition score (TDS) is retrieved. The TDS is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The TDS is based in part on an effectiveness of a prior calculated TDS to predict a particular historical disposition associated with the alert. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.
Type: Application
Filed: December 19, 2023
Publication date: April 18, 2024
Inventors: Gary I. Givental, Aankur Bhatia, Paul J. Dwyer
-
Patent number: 11888883
Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat, a threat disposition score (TDS) is retrieved. The threat disposition score is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Depending on the TDS (and its confidence level), the analyst may be able to respond to the threat immediately, i.e., without further detailed investigation. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.
Type: Grant
Filed: June 14, 2017
Date of Patent: January 30, 2024
Assignee: International Business Machines Corporation
Inventors: Gary I. Givental, Aankur Bhatia, Paul J. Dwyer
-
Patent number: 11838400
Abstract: An example operation may include one or more of receiving storage requests endorsed by blockchain peers of a blockchain, selecting a group of the endorsed storage requests to be stored together and ordering the group of endorsed storage requests with respect to each other based on timestamps, encoding the group of ordered and endorsed storage requests into an image, and storing the encoded image within a data section of a block of the blockchain.
Type: Grant
Filed: November 19, 2019
Date of Patent: December 5, 2023
Assignee: International Business Machines Corporation
Inventors: Gary I. Givental, HuyAnh Dinh Ngo, Srinivas Babu Tummalapenta, Aankur Bhatia, Wesley Ali Khademi, Adam Lee Griffin
-
Publication number: 20230216865
Abstract: Mitigating bias in a machine learning-augmented threat disposition platform can include generating a group of alerts in response to determining a similarity among the alerts. The alerts are generated in real time by a threat monitoring tool in response to one or more potential threats to a networked computing system. One or more alert spikes can be determined by partitioning the group into one or more alert spike subgroups. Each alert spike subgroup corresponds to an alert spike and contains two or more similar alerts that were generated within a predetermined time interval of one another. Duplicate alerts in each alert spike can be eliminated and each non-discarded alert labeled. The labeled alerts are used for training a reduced-bias machine learning model.
Type: Application
Filed: January 4, 2022
Publication date: July 6, 2023
Inventors: Aankur Bhatia, Gary I. Givental, Namrata Tolani, Ajmeera Balaji Naik, Oleksandr Shmaliy
-
Publication number: 20230185923
Abstract: An apparatus, a method, and a computer program product are provided that dynamically selects features and machine learning models for optimal accuracy when determining a threat disposition of a security alert. The method includes training a base machine learning model, determining impacts that features in the training dataset have on the trained base machine learning model when predicting threat disposition on security threats, and creating subsets of the features, based on threat dispositions, by analyzing the features with their corresponding impacts and placing common features and impacts into each subset of the subsets. The method also includes training a plurality of machine learning models and a machine learning feature predictor using the training dataset and the subsets. The method further includes selecting, for a new input data instance, the selected features from the new input data instance and selecting a trained machine learning model trained based on the selected features.
Type: Application
Filed: December 10, 2021
Publication date: June 15, 2023
Inventors: Gary I. Givental, Joel Rajakumar, Aankur Bhatia
-
Patent number: 11663329
Abstract: A method, a computer program product, and a system for performing a threat similarity analysis for automated action on security alerts. The method includes receiving, by a threat similarity analysis system, a security alert relating to a security from a threat disposition system within an environment, performing, by the threat similarity analysis system, a similarity analysis on the security alert using a machine learning model. The similarity analysis compares the security alert with previous security alerts within a time window. The threat similarity analysis system can apply a cosine similarity analysis to perform the similarity analysis. The method also includes determining, based on the similarity analysis, the security alert matches at least one previous security alert from the previous security alerts within a predetermined degree, and associating the security alert into a same security incident as the previous security alert determined by similarity analysis.
Type: Grant
Filed: March 9, 2021
Date of Patent: May 30, 2023
Assignee: International Business Machines Corporation
Inventors: Gary I. Givental, Aankur Bhatia, Kyle Proctor, Rafal Hajduk
-
Publication number: 20230153421
Abstract: Techniques for improved cybersecurity are provided. A plurality of feature subsets are identified, each containing a respective subset of features from a plurality of features included in a set of training security logs. The plurality of feature subsets is modified using one or more genetic programming techniques, and each of the plurality of feature subsets is scored using a plurality of threat classifiers, where the plurality of threat classifiers comprise trained machine learning models. A set of feature subsets is selected, from the plurality of feature subsets, based on the scores. A type classifier is trained based on the set of feature subsets, where the type classifier comprises a trained machine learning model.
Type: Application
Filed: November 15, 2021
Publication date: May 18, 2023
Inventors: Gary I. Givental, Aankur Bhatia, Joel Rajakumar
-
Patent number: 11620581
Abstract: Mechanisms are provided to implement an ensemble of unsupervised machine learning (ML) models. The ensemble of unsupervised ML models processes a portion of input data to generate an ensemble output and the ensemble output is output to an authorized user computing device to obtain user feedback from the authorized user via the user computing device. The user feedback indicates a correctness of the ensemble output. The mechanisms modify at least one feature of the ensemble of unsupervised ML models based on the obtained user feedback to thereby generate a modified ensemble of unsupervised ML models. Subsequent portions of input data are then processed using the modified ensemble of unsupervised ML models.
Type: Grant
Filed: March 6, 2020
Date of Patent: April 4, 2023
Assignee: International Business Machines Corporation
Inventors: Gary I. Givental, Aankur Bhatia, Lu An
-
Patent number: 11620481
Abstract: A machine learning model selector is provided. A set of machine learning (ML) models are trained based on a first training dataset. The set of trained ML models is executed on a second training dataset to generate a corresponding output for a set of data instances in the second training dataset. For each data instance in the set of data instances, a corresponding ranking of ML models is generated based on the corresponding output for the data instance generated by the set of ML models. A ML model selector is trained based on the data instances in the set of data instances and the corresponding ranking of ML models, to select a trained ML model based on an input data instance.
Type: Grant
Filed: February 26, 2020
Date of Patent: April 4, 2023
Assignee: International Business Machines Corporation
Inventors: Gary I. Givental, Aankur Bhatia, Joel Rajakumar
-
Publication number: 20220292186
Abstract: A method, a computer program product, and a system for performing a threat similarity analysis for automated action on security alerts. The method includes receiving, by a threat similarity analysis system, a security alert relating to a security from a threat disposition system within an environment, performing, by the threat similarity analysis system, a similarity analysis on the security alert using a machine learning model. The similarity analysis compares the security alert with previous security alerts within a time window. The threat similarity analysis system can apply a cosine similarity analysis to perform the similarity analysis. The method also includes determining, based on the similarity analysis, the security alert matches at least one previous security alert from the previous security alerts within a predetermined degree, and associating the security alert into a same security incident as the previous security alert determined by similarity analysis.
Type: Application
Filed: March 9, 2021
Publication date: September 15, 2022
Inventors: Gary I. Givental, Aankur Bhatia, Kyle Proctor, Rafal Hajduk
-
Patent number: 11374953
Abstract: Mechanisms are provided to implement a hybrid machine learning (ML) anomaly detector comprising an ensemble of unsupervised ML models and a semi-supervised ML model. The ensemble of unsupervised ML models are executed on log data to generate, for each entry in the log data, a predicted anomaly score and corresponding anomaly classification label of the entry. A partially labeled dataset is generated based on a selected subset of entries and other unlabeled log data in the log data. A similarity analysis of the unlabeled log data with entries in the selected subset of entries is performed and anomaly classification labels of the selected subset of entries are propagated to the other unlabeled log data based on the similarity analysis.
Type: Grant
Filed: March 6, 2020
Date of Patent: June 28, 2022
Assignee: International Business Machines Corporation
Inventors: Gary I. Givental, Aankur Bhatia, Lu An
-
Patent number: 11237897
Abstract: A method identifies and prioritizes anomalies in received monitoring logs from an endpoint log source. One or more processors identify anomalies in the monitoring logs by applying a plurality of disparate types of anomaly detection algorithms to the monitoring logs, and then determine a likelihood that the identified anomalies are anomalous based on outputs of the plurality of disparate types of anomaly detection algorithms. The processor(s) then prioritize the monitoring logs based on the likelihood that the identified anomalies are actually anomalous, and send prioritized monitoring logs that exceed a priority level to a security information and event management system (SIEM).
Type: Grant
Filed: July 25, 2019
Date of Patent: February 1, 2022
Assignee: International Business Machines Corporation
Inventors: Aankur Bhatia, Chadwick M. Baatz, Gary I. Givental, Thomas Wallace, Srinivas B. Tummalapenta
-
Patent number: 11201726
Abstract: An example operation may include one or more of retrieving a predefined image from a storage, encoding data attributes to be stored on a blockchain into one or more image layers of the predefined image to generate an encoded image, generating a data block comprising the encoded image including the data attributes which are encoded into the one or more image layers, and storing the data block via a hash-linked chain of data blocks on a distributed ledger.
Type: Grant
Filed: May 2, 2019
Date of Patent: December 14, 2021
Assignee: International Business Machines Corporation
Inventors: Adam L. Griffin, Srinivas B. Tummalapenta, Gary I. Givental, Wesley A. Khademi, Aankur Bhatia
-
Patent number: 11165806
Abstract: An anomaly detection system configured to generate a plurality of tensors based on spatial attributes of a set of cybersecurity data and temporal attributes of the set of cybersecurity data. The set of cybersecurity data comprising numeric data and textual data collected from a plurality of computational sources. The anomaly detection system can provide the plurality of tensors to a Hierarchical Temporal Memory (HTM) network. The HTM network can be configured to generate respective HTM outputs for respective regions of the HTM network. The anomaly detection system can determine that at least one HTM output indicates an anomaly, convert the at least one HTM output to a notification, and provide the notification to a user interface.
Type: Grant
Filed: January 8, 2020
Date of Patent: November 2, 2021
Assignee: International Business Machines Corporation
Inventors: Sharon Hagi, Gary I. Givental
-
Publication number: 20210279644
Abstract: Mechanisms are provided to implement an ensemble of unsupervised machine learning (ML) models. The ensemble of unsupervised ML models processes a portion of input data to generate an ensemble output and the ensemble output is output to an authorized user computing device to obtain user feedback from the authorized user via the user computing device. The user feedback indicates a correctness of the ensemble output. The mechanisms modify at least one feature of the ensemble of unsupervised ML models based on the obtained user feedback to thereby generate a modified ensemble of unsupervised ML models. Subsequent portions of input data are then processed using the modified ensemble of unsupervised ML models.
Type: Application
Filed: March 6, 2020
Publication date: September 9, 2021
Inventors: Gary I. Givental, Aankur Bhatia, Lu An
-
Publication number: 20210281592
Abstract: Mechanisms are provided to implement a hybrid machine learning (ML) anomaly detector comprising an ensemble of unsupervised ML models and a semi-supervised ML model. The ensemble of unsupervised ML models are executed on log data to generate, for each entry in the log data, a predicted anomaly score and corresponding anomaly classification label of the entry. A partially labeled dataset is generated based on a selected subset of entries and other unlabeled log data in the log data. A similarity analysis of the unlabeled log data with entries in the selected subset of entries is performed and anomaly classification labels of the selected subset of entries are propagated to the other unlabeled log data based on the similarity analysis.
Type: Application
Filed: March 6, 2020
Publication date: September 9, 2021
Inventors: Gary I. Givental, Aankur Bhatia, Lu An
-
Publication number: 20210264025
Abstract: A machine learning model selector is provided. A set of machine learning (ML) models are trained based on a first training dataset. The set of trained ML models is executed on a second training dataset to generate a corresponding output for a set of data instances in the second training dataset. For each data instance in the set of data instances, a corresponding ranking of ML models is generated based on the corresponding output for the data instance generated by the set of ML models. A ML model selector is trained based on the data instances in the set of data instances and the corresponding ranking of ML models, to select a trained ML model based on an input data instance.
Type: Application
Filed: February 26, 2020
Publication date: August 26, 2021
Inventors: Gary I. Givental, Aankur Bhatia, Joel Rajakumar
-
Publication number: 20210152327
Abstract: An example operation may include one or more of receiving storage requests endorsed by blockchain peers of a blockchain, selecting a group of the endorsed storage requests to be stored together and ordering the group of endorsed storage requests with respect to each other based on timestamps, encoding the group of ordered and endorsed storage requests into an image, and storing the encoded image within a data section of a block of the blockchain.
Type: Application
Filed: November 19, 2019
Publication date: May 20, 2021
Inventors: Gary I. Givental, HuyAnh Dinh Ngo, Srinivas Babu Tummalapenta, Aankur Bhatia, Wesley Ali Khademi, Adam Lee Griffin
-
Publication number: 20210026722
Abstract: A method identifies and prioritizes anomalies in received monitoring logs from an endpoint log source. One or more processors identify anomalies in the monitoring logs by applying a plurality of disparate types of anomaly detection algorithms to the monitoring logs, and then determine a likelihood that the identified anomalies are anomalous based on outputs of the plurality of disparate types of anomaly detection algorithms. The processor(s) then prioritize the monitoring logs based on the likelihood that the identified anomalies are actually anomalous, and send prioritized monitoring logs that exceed a priority level to a security information and event management system (SIEM).
Type: Application
Filed: July 25, 2019
Publication date: January 28, 2021
Inventors: Aankur Bhatia, Chadwick M. Baatz, Gary I. Givental, Thomas Wallace, Srinivas B. Tummalapenta
-
Patent number: 10832083
Abstract: Mechanisms are provided to implement an image based event classification engine having an event image encoder and a first neural network computer model. The event image encoder receives an event data structure comprising a plurality of event attributes, where the event data structure represents an event occurring in association with a computing resource. The event image encoder executes, for each event attribute, a corresponding event attribute encoder that encodes the event attribute as a pixel pattern in a predetermined grid of pixels, corresponding to the event attribute, of an event image. The event image is input to a neural network computer model which applies one or more image feature extraction operations and image feature analysis algorithms to the event image to generate a classification prediction classifying the event into one of a plurality of predefined classifications and outputs the classification prediction.
Type: Grant
Filed: April 23, 2019
Date of Patent: November 10, 2020
Assignee: International Business Machines Corporation
Inventors: Gary I. Givental, Wesley A. Khademi, Aankur Bhatia, Srinivas B. Tummalapenta