Abstract: The present disclosure concerns a computer-implemented method for forensically analysing and determining a network associated with a network security threat. The method comprises: obtaining details of a flagged network event comprising data associated with a network security threat, the network event being between a first dataset and a destination dataset; tracing the data associated with the network security threat from the first dataset to a further dataset, the tracing involving obtaining details of at least one past network event between the first dataset and the further dataset; comparing details of the further dataset to predefined criteria to identify whether the further dataset is an intermediate dataset or a source dataset from which the data originated and adding the details of the further dataset to a forensic report; outputting the forensic report.

Abstract: The present disclosure concerns a computer-implemented method for reconstructing a dataset after detection of a network security threat in a network. The method comprises: determining a maximum flow for returning data associated with the network security threat to a source dataset via each of a plurality of paths through which the data has passed from the source dataset to the destination dataset; starting from the destination dataset, determining the data to be transferred to each dataset in the plurality of paths between the destination dataset and the one or more source datasets such that the data can be returned to the one or more source datasets, the data transferred in each path not exceeding the determined maximum flow for the path; adding the details of the determined amount of data to be transferred to a forensic report; and outputting the forensic report.

Abstract: A computer-implemented method for training a machine learning model to identify one or more network events associated with a network and representing a network security threat, the one or more network events being within a population comprising a plurality of network events, the method comprising: obtaining a dataset comprising data representative of the plurality of network events; defining a machine learning model associated with a type of network event and having an associated first feature vector; generating a training dataset comprising a fraction of the dataset, the fraction associated with network events corresponding to the type of network event; and training the machine learning model using the training dataset to produce a trained machine learning model.

Abstract: A data processing method comprising: recording a plurality of electronic value transfers occurring between a plurality of parties; performing an optimisation process on a matrix indicative of a value of each of net electronic value transfers between each of the parties, wherein the matrix is indicative of a relationship between a first electronic store of value held by each of the parties before execution of the net electronic value transfers and a second electronic store of value held by each of the parties after execution of the net electronic value transfers, and the optimisation process comprises selecting a portion of the electronic value transfers for determining the net electronic value transfers indicated by the matrix so as to minimise a difference between the first and second electronic stores of value held by each of the parties; and outputting the selected portion of the electronic value transfers for processing.