Abstract: Embodiments relate to analyzing dataset. A method of analyzing data is provided. The method obtains a description of a dataset. The method automatically generates a plurality of analysis options from the description of the dataset. The method generates a plurality of queries based on the analysis options. The method deploys the queries on the dataset to build a plurality of statistical models from the dataset.

Abstract: Embodiments relate to analyzing dataset. A method of analyzing data is provided. The method obtains a description of a dataset. The method automatically generates a plurality of analysis options from the description of the dataset. The method generates a plurality of queries based on the analysis options. The method deploys the queries on the dataset to build a plurality of statistical models from the dataset.

Abstract: A network security apparatus includes a packet detector detecting transmission of data packets between a plurality of hosts and a plurality of domains and defining a plurality of links therefrom. A model builder circuit receives the plurality of links from the packet detector, receives ground truth information labeling one or more of the plurality of hosts or one or more of the plurality of domains as benign or malicious, generates predictive models from the received links and ground truth information, and stores generated predictive models in a predictive model database. An anomaly detector circuit retrieves the generated predictive models from the predictive model database and uses the predictive models to label each of the plurality of hosts and plurality of domains, that have not previously been labeled by the ground truth information, as benign or malicious.

Abstract: A method for performing assisted knowledge discovery includes receiving a dataset. Each of a plurality of analytical techniques is applied to the received data set to generate a plurality of corresponding analytical results. A composite validation metric is applied to each of the plurality of analytical results. The composite validation metric is a single scoring/ranking function that is created from a plurality of different scoring/ranking functions. The plurality of analytical results is presented to a user arranged in accordance with the results of the applying the composite validation metric to each of the plurality of analytical results. A selection from the user from among the plurality of analytical results is recorded. The user's selection is used to modify the composite validation metric such that the analytical techniques responsible for generating the selected analytical result is scored/ranked more highly.

Abstract: A network security apparatus includes a packet detector detecting transmission of data packets between a plurality of hosts and a plurality of domains and defining a plurality of links therefrom. A model builder circuit receives the plurality of links from the packet detector, receives ground truth information labeling one or more of the plurality of hosts or one or more of the plurality of domains as benign or malicious, generates predictive models from the received links and ground truth information, and stores generated predictive models in a predictive model database. An anomaly detector circuit retrieves the generated predictive models from the predictive model database and uses the predictive models to label each of the plurality of hosts and plurality of domains, that have not previously been labeled by the ground truth information, as benign or malicious.

Abstract: In one embodiment, a computer-implemented method includes observing one or more entities by way of two or more data sources. A plurality of detection scores are computed by one or more detectors. Each detection score corresponds to an entity of the one or more entities, a detector of the one or more detectors, and a time. The plurality of detection scores are compiled into two or more tensors, where each tensor corresponds to a data source of the two or more data sources. The two or more tensors are compared to one another, by a computer processor. An inconsistency score is calculated for each of the one or more entities, based on comparing the two or more tensors to one another.

Abstract: In one embodiment, a computer-implemented method includes observing one or more entities by way of two or more data sources. A plurality of detection scores are computed by one or more detectors. Each detection score corresponds to an entity of the one or more entities, a detector of the one or more detectors, and a time. The plurality of detection scores are compiled into two or more tensors, where each tensor corresponds to a data source of the two or more data sources. The two or more tensors are compared to one another, by a computer processor. An inconsistency score is calculated for each of the one or more entities, based on comparing the two or more tensors to one another.

Abstract: Embodiments relate to analyzing dataset. A method of analyzing data is provided. The method obtains a description of a dataset. The method automatically generates a plurality of analysis options from the description of the dataset. The method generates a plurality of queries based on the analysis options. The method deploys the queries on the dataset to build a plurality of statistical models from the dataset.

Abstract: Embodiments relate to analyzing dataset. A method of analyzing data is provided. The method obtains a description of a dataset. The method automatically generates a plurality of analysis options from the description of the dataset. The method generates a plurality of queries based on the analysis options. The method deploys the queries on the dataset to build a plurality of statistical models from the dataset.

Abstract: A method for performing assisted knowledge discovery includes receiving a dataset. Each of a plurality of analytical techniques is applied to the received data set to generate a plurality of corresponding analytical results. A composite validation metric is applied to each of the plurality of analytical results. The composite validation metric is a single scoring/ranking function that is created from a plurality of different scoring/ranking functions. The plurality of analytical results is presented to a user arranged in accordance with the results of the applying the composite validation metric to each of the plurality of analytical results. A selection from the user from among the plurality of analytical results is recorded. The user's selection is used to modify the composite validation metric such that the analytical techniques responsible for generating the selected analytical result is scored/ranked more highly.