Abstract: A computer implemented method of detecting an increased vulnerability of a software system including a plurality of software components, the method including generating a vector representation of each software component derived from a neural network trained using training data defined from known vulnerabilities of the software components in the software system, wherein the training data is augmented by replicating each of one or more training data items in the training data responsive to one or more attributes of a vulnerability corresponding to the training data item; aggregating the vector representations for the software component to an aggregate vector representation for a particular time; repeating the generating and the aggregating for a plurality of points in time to generate multiple generations of aggregate vector representations; comparing the multiple generations of aggregate vector representations to detect a change in an aggregate vector representation exceeding a maximum threshold degree of chan

Abstract: A computer implemented method of a machine learning algorithm modelling a target function mapping inputs in an input domain to outputs in an output range, the machine learning algorithm including an array of processing nodes arranged in a network of layers of nodes including an input layer for receiving an input value, an output layer for providing an output value, and one or more intermediate layers between the input and output layers, each node in the processing set being outside the input layer receiving input from at least some adjacent nodes logically closer to the input layer via weighted connections between nodes, and each node being outside the output layer generating output to at least some adjacent nodes logically closer to the output layer via weighted connections between nodes, wherein each node includes: an adjustable weight for application to each input to the node, the adjustment weight being responsive to a threshold function applied to a value of the node input; a combination function for com

Abstract: A computer implemented method of clustering computer systems in a plurality of systems to identify computer systems being subject to a common security occurrence, each computer system generating data records corresponding to security events in respect the systems, the method comprising: receiving a set of one or more data records associated with each computer system, each record including a sequence of data fields; generate a vector embedding for each data field in each record; evaluate a distance of each vector embedding from a reference vector as an indicator of semantic distance; identifying similar data records based on a measure of a degree of similarity of the distances of vector embeddings for each record; defining a cluster of computer systems including computer systems associated with the similar data records for applying protective measures to the computer systems in the cluster.

Abstract: A computer implemented method of determining an association between disparate first and second data items wherein the second data item is at least partly derived from the first data item, the method comprising: evaluating a cryptographic hash to each result of each of a plurality of disparate feature extraction methods, each feature extraction method being applied to each of the first and second data items to generate a set of hashes for each data item; responsive to a non-empty set of hashes in the intersect of the sets of hashes for each data item, identifying an association between the first and second data items.

Abstract: A computer implemented method of feature detection in temporal graph data structures of events, the method including receiving a temporal series of graph data structures of events each including a plurality of nodes corresponding to events and edges connecting nodes corresponding to relationships between events; rendering each graph data structure in the series as an image representation of the graph data structure including a representation of nodes and edges in the graph being rendered reproducibly in a cartesian space based on attributes of the nodes and edges, so as to generate a temporal series of image representations ordered according to the temporal graph data structures; processing the series of image representations by a convolutional neural network to classify the image series so as to identify a feature in the image series, the convolutional neural network being trained by a supervised training method including a plurality of training example image series in which a subset of the training examples

Abstract: A computer implemented method of remediating an increased vulnerability of a software system including a plurality of software components, the method including generating a vector representation of each software component derived from a neural network trained using training data defined from known vulnerabilities of the software components in the software system; aggregating the vector representations for the software component to an aggregate vector representation for a particular time; repeating the generating and the aggregating for a plurality of points in time to generate multiple generations of aggregate vector representations; comparing the multiple generations of aggregate vector representations to detect a change in an aggregate vector representation exceeding a maximum threshold degree of change as an indication of an increased vulnerability of the software system, responsive to which iteratively adjusting the software components in the software system and, at each iteration, regenerating an aggrega

Abstract: A computer implemented method of detecting an increased vulnerability of a software system including a plurality of software components, the method including generating a vector representation of each software component derived from a neural network trained using training data defined from known vulnerabilities of the software components in the software system, wherein the training data is augmented by replicating each of one or more training data items in the training data responsive to one or more attributes of a vulnerability corresponding to the training data item; aggregating the vector representations for the software component to an aggregate vector representation for a particular time; repeating the generating and the aggregating for a plurality of points in time to generate multiple generations of aggregate vector representations; comparing the multiple generations of aggregate vector representations to detect a change in an aggregate vector representation exceeding a maximum threshold degree of chan

Abstract: A computer implemented method of detecting an increased vulnerability of a software system including a plurality of software components, the method including generating a vector representation of each software component derived from a neural network trained using training data defined from known vulnerabilities of the software components in the software system; aggregating the vector representations for the software component to an aggregate vector representation for a particular time; repeating the generating and the aggregating for a plurality of points in time to generate multiple generations of aggregate vector representations; and comparing the multiple generations of aggregate vector representations to detect a change in an aggregate vector representation exceeding a maximum threshold degree of change as an indication of an increased vulnerability of the software system.