Unstructured security threat information analysis

US10880320B2 · US · B2

Patent metadata
Publication number: US-10880320-B2
Application number: US-201816046451-A
Country: US
Kind code: B2
Filing date: Jul 26, 2018
Priority date: Aug 29, 2014
Publication date: Dec 29, 2020
Grant date: Dec 29, 2020

Abstract

Official abstract text for this publication.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method comprising: maintaining, in a security threat database for a computer security threat analysis system, data for a plurality of data constructs including a) a first data construct for a first intelligence type that identifies data for a first security threat from first unstructured data in a format that is not specific to any particular intelligence type from a plurality of intelligence types and b) a second data construct for a second intelligence type that identifies data for a second security threat from second unstructured data in a format that is not specific to any particular intelligence type from the plurality of intelligence types, the plurality of intelligence types including the first intelligence type and the second intelligence type, the second security threat being a different security threat from the first security threat, the second data construct being a different data construct from the first data construct; determining, by a risk analysis device in the computer security threat analysis system and using data from the security threat database, that the first data construct and the second data construct identify potential computer security threats for a third party system; determining, by the risk analysis device, a priority ranking that i) includes a first priority for the first data construct, ii) includes a second, different priority for the second data construct, and iii) indicates an order by which the third party system should address the first security threat identified by the first data construct with the first priority and the second security threat identified by the second data construct with the second, different priority; and providing, by the risk analysis device and to the third party system, the first data construct and the second data construct according to the priority ranking to cause the third party system to address a higher priority threat from the first security threat and the second security threat before a lower priority threat.

2. The method of claim 1, comprising: receiving, by a parser included in the computer security threat analysis system, the first unstructured data in a format that is not specific to any particular intelligence type from the plurality of intelligence types; generating, by the parser and using the first unstructured data, the first data construct (a) for the first intelligence type from the plurality of intelligence types (b) that identifies the first security threat; receiving, by the parser, the second unstructured data in a format that is not specific to any particular intelligence type from the plurality of intelligence types, the second unstructured data comprising different data from the first unstructured data; generating, by the parser and using the second unstructured data, the second data construct (i) for the second intelligence type from the plurality of intelligence types (b) that identifies the second security threat; and storing, by the parser and in the security threat database, the first data construct and the second data construct.

3. The method of claim 2, wherein: the second intelligence type is a different intelligence type from the first intelligence type; generating the first data construct comprises creating the first data construct that has a first format and one or more first value types for the first intelligence type; and generating the second data construct comprises creating the second data construct that has a second format different from the first format and one or more second value types for the second intelligence type.

4. The method of claim 1, wherein determining the priority ranking for the first data construct and the second data construct that indicates the order by which the third party system should address the first security threat and the second security threat comprises determining the priority ranking for the first data construct and the second data construct using a first date for the first data construct and a second date for the second data construct.

5. The method of claim 4, wherein determining the priority ranking for the first data construct and the second data construct using the first date for the first data construct and the second date for the second data construct comprises assigning a higher priority to the first data construct when the first data construct has a more recent date than the second data construct.

6. The method of claim 4, wherein determining the priority ranking for the first data construct and the second data construct using the first date for the first data construct and the second date for the second data construct comprises determining the priority ranking for the first data construct and the second data construct using a threat identification date for the security threat identified by the respective data construct.

7. The method of claim 4, wherein determining the priority ranking for the first data construct and the second data construct using the first date for the first data construct and the second date for the second data construct comprises determining the priority ranking for the first data construct and the second data construct using a threat use date for the security threat identified by the respective data construct.

8. The method of claim 1, wherein determining the priority ranking for the first data construct and the second data construct that indicates the order by which the third party system should address the first security threat and the second security threat comprises determining the priority ranking for the first data construct and the second data construct using severity ratings for the security threats identified in the first data construct and the second data construct.

9. The method of claim 8, comprising: determining a first severity rating for the first security threat using the first unstructured data; and determining a second severity rating for the second security threat using the second unstructured data, wherein determining the priority ranking uses the first severity rating and the second severity rating.

10. The method of claim 1, wherein determining the priority ranking for the first data construct and the second data construct that indicates the order by which the third party system should address the first security threat and the second security threat comprises determining the priority ranking for the first data construct and the second data construct using data that indicates whether a government source released a statement about the first security threat or the second security threat or both.

11. The method of claim 1, wherein providing, to the third party system, the first data construct and the second data construct according to the priority ranking comprises providing, to the third party system, automation instructions that identify the first data construct and the second data construct to cause the third party system to automatically, without user input, perform actions to address the higher priority threat before performing other actions to address the lower priority threat.

12. The method of claim 1, wherein determining that the first data construct and the second data construct identify potential computer security threats for a third party system comprises: determining that the third party system should receive data constructs for the first intelligence type and the second intelligence type; and in response to determining that the third party system should receive data constructs for the first intelligence type and the second intelligence type, determining to provide the first data construct and the second data construct to th

Classifications

  • G06F21/55 · Primary

    Detecting local intrusion or implementing counter-measures · CPC title

  • using third party service providers · CPC title

  • using natural language analysis · CPC title

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

  • Event detection, e.g. attack signature detection · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10880320B2 cover?
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using…
Who is the assignee on this patent?
Accenture Global Services Ltd
What technology area does this patent fall under?
Primary CPC classification G06F21/55. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 29, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).