Abstract: The techniques disclosed herein identify ransomware attacks as they are occurring, improving the security and functionality of computer systems. Ransomware attacks are identified using a new probabilistic machine learning model that better handles the unique properties of ransomware data. Ransomware data includes a list of computing operations, some of which are labeled as being associated with ransomware attacks. In contrast to deterministic machine learning techniques that learn weights, probabilistic machine learning techniques learn the parameters of a distribution function. In some configurations, a radial Spike and Slab distribution function is used within a Bayesian neural network framework to better handle sparse, missing, and imbalanced data. Once trained, the machine learning model may be provided with real-time operations, e.g., from a cloud service security module, from which to infer whether a ransomware attack is taking place.

Abstract: Systems, apparatuses, methods, and computer programs for detecting anomalies to identify coordinated group attacks on computer networks are provided. An anomaly graph of a network including nodes, edges, and an indegree of the nodes in the anomaly graph may be determined. Nodes with an indegree of at least two may be designated as potential targets. Nodes with no incoming connections may be designated as potentially compromised nodes. The designated potentially compromised nodes may be outputted as potentially associated with a coordinated attack on the network when the potentially compromised nodes connect to one or more of the same potential target nodes.