http://rdf.ncbi.nlm.nih.gov/pubchem/patent/EP-4102385-A1
Outgoing Links
Predicate | Object |
---|---|
assignee | http://rdf.ncbi.nlm.nih.gov/pubchem/patentassignee/MD5_4ddcb273a108a5d8472b335280098e06 |
classificationCPCAdditional | http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06N5-027 http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06N7-01 |
classificationCPCInventive | http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06N3-045 http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06N3-088 http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06N5-025 http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06N5-045 http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06F16-24578 http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06F21-552 http://rdf.ncbi.nlm.nih.gov/pubchem/patentcpc/G06F21-554 |
classificationIPCInventive | http://rdf.ncbi.nlm.nih.gov/pubchem/patentipc/G06N20-00 http://rdf.ncbi.nlm.nih.gov/pubchem/patentipc/G06F16-36 http://rdf.ncbi.nlm.nih.gov/pubchem/patentipc/G06F21-55 |
filingDate | 2021-06-08-04:00^^<http://www.w3.org/2001/XMLSchema#date> |
inventor | http://rdf.ncbi.nlm.nih.gov/pubchem/patentinventor/MD5_c0829d279dd9521ac7e0a10697046e67 http://rdf.ncbi.nlm.nih.gov/pubchem/patentinventor/MD5_d3b42acb6c7af2e72f9354b461139352 http://rdf.ncbi.nlm.nih.gov/pubchem/patentinventor/MD5_4a66aa583c0774b78f1bfae13ae437c8 |
publicationDate | 2022-12-14-04:00^^<http://www.w3.org/2001/XMLSchema#date> |
publicationNumber | EP-4102385-A1 |
titleOfInvention | Method and system for automated analysis of industrial cyber-security events |
abstract | A first mapping component (Ml) produces observed triple statements from events received from at least one security tool (SMDT) monitoring an industrial system. A link-prediction component (LPC) estimates a probability score for each observed triple statement by means of link prediction in a knowledge graph (KG) representing the industrial system. A scoring component (SC) computes at least one priority score for at least one entity of the industrial system contained in the knowledge graph and/or at least one of the events based on the probability scores. Priority scores can be computed for some or all possible events in the industrial system as a reference to prioritize alerts coming from the security tools. The system works in an unsupervised manner and therefore does not require known labeled anomalies or attacks to predict the maliciousness of observed events. In fact, the system does not directly try to infer (predict) maliciousness in entities or events on the knowledge graph. Instead, priority scores are used during operation to evaluate actual system observations and prioritize them, so that attention can be drawn to the ones most likely to be security relevant. Therefore, a knowledge graph-based recommendation system for automated analysis of industrial cybersecurity events is provided. Advantageous embodiments include ranking-based metrics operating on candidate lists of permutations for the priority score computation, as well as unsupervised initial training using semantic integration from heterogenous data sources. |
priorityDate | 2021-06-08-04:00^^<http://www.w3.org/2001/XMLSchema#date> |
type | http://data.epo.org/linked-data/def/patent/Publication |
Incoming Links
Predicate | Subject |
---|---|
isDiscussedBy | http://rdf.ncbi.nlm.nih.gov/pubchem/substance/SID419562910 http://rdf.ncbi.nlm.nih.gov/pubchem/compound/CID128061 |
Total number of triples: 25.