The disclosure relates generally to a system and method for threat scoring and in particular to a system and method for cyber threat scoring.
A threat is an attack against a computer network, computer, server and the like (collectively each a “computing device”). The threat is typically carried out in an attempt to gain access to the computing device, steal information/data stored and managed by the computing device or disable the computing device. For each threat, the information about the threat has many attributes such as Attack Source, Destination Source, Location, Time Stamp, and so on. Threat scoring or prioritization adds a threat score to each one of these attributes.
Threat scoring allows security professionals to prioritize the data stream and create mechanisms for dealing with cyber threats. For example, security professionals can create policies that block access to information if the score level is above a certain threshold. Threat scoring has the following challenges:
Machine learning software can be used to analyze cyber threat data labeled by security professionals and generate models that can be used to score threats in unlabeled data. The labeled data, with threat scores ranging from 0.0 to 1.0 in this case, is referred to as the ground truth. Analyzing the ground truth generated by security professionals allows the machine-learning software to mimic the logic they used to label the data, which results in more accurate threat scores than ground truth generated by non-experts. The challenge is that the accuracy of the ground truth depends on who labels the threat data. Even security professionals can differ in how they label the data. Currently, there is no consensus on how best to determine the ground truth for threat scoring.
There are several factors that determine the threat score such as the number of attacks, diversity of attacks, a company's reliable threat information, and factors discovered by other threat analysis tools. Each factor has a different reliability score. For example, one of the analysis tools, DSAP, is known for highly reliable analytical tools, but it takes DSAP 5 minutes on average to thoroughly analyze malware. Thus, reliability comes at the expense of data processing throughput. Using highly reliable methods for threat detection results in smaller datasets, which adversely impacts the results of machine-learning analysis of the data.
Usually, threat information is associated with a source IP address or URL. However, some attackers cleverly change the IP address or URL to avoid detection. In this case, even if threat scoring were successful, if an attacker changes the IP address after a few hours, the analyzed data would be of no use.
Threat scoring has various general benefits including time and efficiency gains within SOCs and managed security service providers (MSSPs) and a reduction in the risk of failure to detect and mitigate threats. Security professionals might not be able to check all of the threats if they are not scored, but with scoring, the professionals will have a much smaller number of threats to check, which increases the chances of these threats being acted upon.
Thus, it is desirable to provide a novel threat scoring system and method and it is to this end that the disclosure is directed.
The disclosure is particularly applicable to a threat scoring system for cyber-threats and it is in this context that the disclosure will be described. It will be appreciated, however, that the system and method has greater utility since the system may be used to score different types of threats and may also be implemented in other manners.
The system 200 may have one or more computing devices 202 (part of a frontend), such as computing devices 202A, 202B, . . . , 202N as shown in
The communication path 204 may be a wired communication link, a wireless communication link or a combination of both wired and wireless communications links that allow each computing device to connect to the backend system 206 and exchange data with the backend system using various communication and data protocols. For example, in the implementation shown in
The backend 206 may be implemented using one or more computing resources, such as server computers, mainframe computers, blade servers, processors, storage devices and the like. In one implementation, the backend 206 may have at least one processor that may execute a threat scoring component 208 (that has a plurality of lines of instructions/computer code) to implement the threat scoring method described below. In other implementations, the threat scoring component 208 may be a piece of hardware (integrated circuit, microcontroller, logic device, etc.) that implements the threat scoring method described below.
The system 200 may also have storage 210 that is accessible by the threat scoring component 208 and the data may be used by the system to perform the threat scoring method as described below. The storage 210 may store, for example, user data, various types of threat data and threat data factors as described below and various other types of data.
Selecting Threat Factors 302
During this process 302, one or more threat factors may be selected/inputted into the system (310). In one example, a user may enter the one or more threat factors into the system using a user interface. An example of a user interface for entering the threat factors is shown in
The following is an example of original data from which the system may extract factors.
Based on the above example threat data, the system may extract factors from the threat data. From the example data above, the system may extract seven factors, although the system can also extract fewer or more factors depending on the data and what security professionals think is appropriate for the customer. Based on the example data above, the system may extract the following 7 factor candidates.
f1: The number of attacks
f2: The diversity of attacks
f3: The diversity of sensors
f4: Dimension Data Annotation
f5: Palo Alto Network's Thread
f6: Honey Pot detection
f7: DSAP detection
An example of an interface that displays the extracted factors from which a user may select the threat factors is shown in
The system scales the scores for these factors so that the scores are between 0 and 1 (0<=f*<=1).
Assigning Weights to Selected Factors (304)
In this process 304, a weight of each selected factor may be assigned (process 320) using the frontend (one of the computing devices 202). In one embodiment, a user may use a user interface (an example of which is shown in
In the example shown in
In the process 304, the process may include an interactive weight computation 322, a ground truth computation 324 (and normalization) and feature engineering 326 based on the selected factors, the extracted factors from the factor extractor 314 and the pre-processed and scaled threat data and threat score data.
During the interactive weight computation (322), based on the factor selection, the customer is presented with nC2 combination patterns. The system may use the customer selection above to calculate the weight between factors a and b (wab). Then, the n-by-n reciprocal matrix is:
For example, according to the selections in the example in
This results in the following:
For the overall weight computation, it is known that the 1st Eigenvector of W corresponds to the overall weight, as shown in the following formula:
EigVec(A)=W=[w1*,w2*,w3*]
In this formula, w1* represents the overall weight.
To compute the normalized weight w1, the system uses the following formula:
In the above case, w1*=[−0.305, −0.138, −0.942]^T and w1=[0.220, 0.100, 0.680]^T.
Using the normalized weight, the ground truth process 324 proceeds to compute the ground truth as follows, where fk represents the kth factor:
f=[f1,f2, . . . ,fk, . . . ,fn]
score=f×w1([1×n]×[n×1]=scalar)
This computation should be made for all of the complete datasets. Note that not all data points have computable ground truths. For example, if a factor's dimensional data score (DD's score) is NaN (not a number), the ground truth cannot be computed. For example, as shown in
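The weight and ground-truth steps described above, as an added example (not code from the disclosure): it builds the reciprocal matrix from the nC2 pairwise selections, takes the 1st eigenvector by power iteration, normalizes it, and computes score = f×w1 while skipping data points with a NaN factor. The function names, the sample selections and normalization by the component sum are assumptions; the sum normalization is the one that maps the w1* quoted above to the quoted w1.

```python
import math


def reciprocal_matrix(n, selections):
    """Build the n-by-n reciprocal matrix from the nC2 pairwise selections.

    `selections` maps (a, b) with a < b to w_ab, how much more weight factor a
    gets than factor b. The mirrored cell is filled with 1 / w_ab.
    """
    if len(selections) != n * (n - 1) // 2:
        raise ValueError("expected exactly one selection per factor pair (nC2)")
    W = [[1.0] * n for _ in range(n)]
    for (a, b), w_ab in selections.items():
        if not (0 <= a < b < n) or w_ab <= 0:
            raise ValueError(f"invalid pairwise selection {(a, b)}: {w_ab}")
        W[a][b] = float(w_ab)
        W[b][a] = 1.0 / w_ab
    return W


def principal_eigenvector(W, max_iter=500, tol=1e-12):
    """1st eigenvector of a positive matrix via power iteration (unit length)."""
    n = len(W)
    v = [1.0 / math.sqrt(n)] * n
    for _ in range(max_iter):
        nxt = [sum(W[i][j] * v[j] for j in range(n)) for i in range(n)]
        length = math.sqrt(sum(x * x for x in nxt))
        nxt = [x / length for x in nxt]
        if max(abs(x - y) for x, y in zip(nxt, v)) < tol:
            return nxt
        v = nxt
    return v


def normalize(w_star):
    """Divide by the component sum so the weights add up to 1.

    An eigenvector is only defined up to sign; dividing by the sum turns an
    all-negative solver result into the same positive weights.
    """
    total = sum(w_star)
    if total == 0:
        raise ValueError("eigenvector components sum to zero")
    return [x / total for x in w_star]


def factor_weights(n, selections):
    """Pairwise selections -> normalized weight vector w1."""
    return normalize(principal_eigenvector(reciprocal_matrix(n, selections)))


def ground_truth(f, w1):
    """score = f x w1 ([1 x n] x [n x 1] = scalar).

    Returns None when any factor is missing or NaN, because the ground truth
    cannot be computed for that data point.
    """
    if len(f) != len(w1):
        raise ValueError("factor vector and weight vector differ in length")
    if any(x is None or math.isnan(x) for x in f):
        return None
    if any(not 0.0 <= x <= 1.0 for x in f):
        raise ValueError("factors must be scaled to 0 <= f <= 1 first")
    return sum(x * w for x, w in zip(f, w1))


if __name__ == "__main__":
    # Constructed selections for three factors (not the figures' values):
    # factor 0 vs 1 -> 2, factor 0 vs 2 -> 1/3, factor 1 vs 2 -> 1/5.
    w1 = factor_weights(3, {(0, 1): 2, (0, 2): 1 / 3, (1, 2): 1 / 5})
    print("w1 =", [round(x, 3) for x in w1])

    # Constructed, already scaled factor rows; the last one has a NaN factor.
    rows = [[0.9, 0.4, 1.0], [0.1, 0.0, 0.2], [0.5, float("nan"), 0.7]]
    for f in rows:
        print(f, "->", ground_truth(f, w1))
```

Data points for which `ground_truth` returns `None` are the incomplete ones: they get no label for training or evaluation and can only be scored by the trained model.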
The key point of the processes is that each customer/user of the system can place different emphasis on threat analysis and thus the threat scoring is adjusted based on the different emphasis applied by the users. In the system, the feature extraction uses the original threat data 210A that may have a 30-dimensional data point and the factors extracted as described above provide the additional features. These two components are concatenated as a feature.
The purpose of the feature engineering 326 is to convert the raw data into the proper data for machine learning. Categorical information may be one-hot encoded. In the threat data case, the following list should be converted. This transaction expands the feature space from 40 to 180.
Other features may be scaled so that the scores are from 0.0 to 1.0. The finalized dataset for the exemplary data is shown in
Scoring Threats by Machine Learning and Performance Evaluation Process 306
In this process 306, the system may perform machine learning to score the threats 330 and do performance evaluation 332 and then generate results that may be displayed 334 to the user on the computing device 202. An example of the results for the exemplary data is shown in
Because of the unique ID problem stated earlier, the prediction model, a regression model, must be remodeled at certain refresh intervals, which keeps the IP addresses updated. The refresh intervals can be determined by taking into account the computational time that is required for data analysis. With regards to regression prediction with machine learning, the data with the computed ground truth is used for machine learning analysis (threats 101 and 102 in
The regression model can be one of the following models or a combination of them.
Logistic Regression
Deep Learning
Random Forest
This regression model must be carefully chosen through trial and error in a real-life production environment to maximize prediction performance. An example of the results of the machine learning is shown in
Performance Evaluation 332
For evaluation, the system uses the root-mean squared error (RMSE) metric, which is a commonly used metric for regression models. The performance evaluation example is shown in
The following formula is used for calculating RMSE, where x is the ground truth, x˜ is the predicted value, and N is the data size.
For example, a data point whose ground truth is 0.80 is predicted as 0.7. In this case, the error is 0.1. Another data point whose ground truth is 0.60 is predicted as 0.9. In this case, the error is 0.3. RMSE for these 2 data points is 0.2.
A 10-fold cross validation must be performed only for the complete data.
Even though the power of machine learning is especially shown in the orange box data in the preceding diagram, the prediction performance for these data cannot be computed.
Experimental Result
To assess the performance of the system, the system may be used to process a small example dataset. For the dataset, we used 6 hours of live threat data and used a Random Forest regression model with 1,000 seeds. The experiment ran on a MacBook Pro with a 3.1 GHz Intel Core i7 processor and 16 GB of RAM.
The average values of the accuracy results over 10 trials were as follows:
RMSE learning error: 0.039
RMSE test error: 0.041
The computational time results were as follows:
Ground-truth computation: 58 seconds
Learning processing: 3 minutes and 30 seconds
Test processing: 14 seconds
As shown in
The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated.
The system and method disclosed herein may be implemented via one or more components, systems, servers, appliances, other subcomponents, or distributed between such elements. When implemented as a system, such systems may include and/or involve, inter alia, components such as software modules, general-purpose CPU, RAM, etc. found in general-purpose computers. In implementations where the innovations reside on a server, such a server may include or involve components such as CPU, RAM, etc., such as those found in general-purpose computers.
Additionally, the system and method herein may be achieved via implementations with disparate or entirely different software, hardware and/or firmware components, beyond that set forth above. With regard to such other components (e.g., software, processing components, etc.) and/or computer-readable media associated with or embodying the present inventions, for example, aspects of the innovations herein may be implemented consistent with numerous general purpose or special purpose computing systems or configurations. Various exemplary computing systems, environments, and/or configurations that may be suitable for use with the innovations herein may include, but are not limited to: software or other components within or embodied on personal computers, servers or server computing devices such as routing/connectivity components, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, consumer electronic devices, network PCs, other existing computer platforms, distributed computing environments that include one or more of the above systems or devices, etc.
In some instances, aspects of the system and method may be achieved via or performed by logic and/or logic instructions including program modules, executed in association with such components or circuitry, for example. In general, program modules may include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular instructions herein. The inventions may also be practiced in the context of distributed software, computer, or circuit settings where circuitry is connected via communication buses, circuitry or links. In distributed settings, control/instructions may occur from both local and remote computer storage media including memory storage devices.
The software, circuitry and components herein may also include and/or utilize one or more types of computer readable media. Computer readable media can be any available media that is resident on, associable with, or can be accessed by such circuits and/or computing components. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and can be accessed by a computing component. Communication media may comprise computer readable instructions, data structures, program modules and/or other components. Further, communication media may include wired media such as a wired network or direct-wired connection, however no media of any such type herein includes transitory media. Combinations of any of the above are also included within the scope of computer readable media.
In the present description, the terms component, module, device, etc. may refer to any type of logical or functional software elements, circuits, blocks and/or processes that may be implemented in a variety of ways. For example, the functions of various circuits and/or blocks can be combined with one another into any other number of modules. Each module may even be implemented as a software program stored on a tangible memory (e.g., random access memory, read only memory, CD-ROM memory, hard disk drive, etc.) to be read by a central processing unit to implement the functions of the innovations herein. Or, the modules can comprise programming instructions transmitted to a general purpose computer or to processing/graphics hardware via a transmission carrier wave. Also, the modules can be implemented as hardware logic circuitry implementing the functions encompassed by the innovations herein. Finally, the modules can be implemented using special purpose instructions (SIMD instructions), field programmable logic arrays or any mix thereof which provides the desired level of performance and cost.
As disclosed herein, features consistent with the disclosure may be implemented via computer-hardware, software and/or firmware. For example, the systems and methods disclosed herein may be embodied in various forms including, for example, a data processor, such as a computer that also includes a database, digital electronic circuitry, firmware, software, or in combinations of them. Further, while some of the disclosed implementations describe specific hardware components, systems and methods consistent with the innovations herein may be implemented with any combination of hardware, software and/or firmware. Moreover, the above-noted features and other aspects and principles of the innovations herein may be implemented in various environments. Such environments and related applications may be specially constructed for performing the various routines, processes and/or operations according to the invention or they may include a general-purpose computer or computing platform selectively activated or reconfigured by code to provide the necessary functionality. The processes disclosed herein are not inherently related to any particular computer, network, architecture, environment, or other apparatus, and may be implemented by a suitable combination of hardware, software, and/or firmware. For example, various general-purpose machines may be used with programs written in accordance with teachings of the invention, or it may be more convenient to construct a specialized apparatus or system to perform the required methods and techniques.
Aspects of the method and system described herein, such as the logic, may also be implemented as functionality programmed into any of a variety of circuitry, including programmable logic devices (“PLDs”), such as field programmable gate arrays (“FPGAs”), programmable array logic (“PAL”) devices, electrically programmable logic and memory devices and standard cell-based devices, as well as application specific integrated circuits. Some other possibilities for implementing aspects include: memory devices, microcontrollers with memory (such as EEPROM), embedded microprocessors, firmware, software, etc. Furthermore, aspects may be embodied in microprocessors having software-based circuit emulation, discrete logic (sequential and combinatorial), custom devices, fuzzy (neural) logic, quantum devices, and hybrids of any of the above device types. The underlying device technologies may be provided in a variety of component types, e.g., metal-oxide semiconductor field-effect transistor (“MOSFET”) technologies like complementary metal-oxide semiconductor (“CMOS”), bipolar technologies like emitter-coupled logic (“ECL”), polymer technologies (e.g., silicon-conjugated polymer and metal-conjugated polymer-metal structures), mixed analog and digital, and so on.
It should also be noted that the various logic and/or functions disclosed herein may be enabled using any number of combinations of hardware, firmware, and/or as data and/or instructions embodied in various machine-readable or computer-readable media, in terms of their behavioral, register transfer, logic component, and/or other characteristics. Computer-readable media in which such formatted data and/or instructions may be embodied include, but are not limited to, non-volatile storage media in various forms (e.g., optical, magnetic or semiconductor storage media) though again does not include transitory media. Unless the context clearly requires otherwise, throughout the description, the words “comprise,” “comprising,” and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is to say, in a sense of “including, but not limited to.” Words using the singular or plural number also include the plural or singular number respectively. Additionally, the words “herein,” “hereunder,” “above,” “below,” and words of similar import refer to this application as a whole and not to any particular portions of this application. When the word “or” is used in reference to a list of two or more items, that word covers all of the following interpretations of the word: any of the items in the list, all of the items in the list and any combination of the items in the list.
Although certain presently preferred implementations of the invention have been specifically described herein, it will be apparent to those skilled in the art to which the invention pertains that variations and modifications of the various implementations shown and described herein may be made without departing from the spirit and scope of the invention. Accordingly, it is intended that the invention be limited only to the extent required by the applicable rules of law.
While the foregoing has been with reference to a particular embodiment of the disclosure, it will be appreciated by those skilled in the art that changes in this embodiment may be made without departing from the principles and spirit of the disclosure, the scope of which is defined by the appended claims.
This application claims priority under 35 USC 120 and the benefit under 35 USC 119(e) to U.S. Provisional Patent Application Ser. No. 62/396,591, filed Sep. 19, 2016 and entitled “Threat Scoring System and Method”, the entirety of which is incorporated herein by reference.
Soldo, Fabio, Anh Le, and Athina Markopoulou. “Predictive blacklisting as an implicit recommendation system.” INFOCOM, 2010 Proceedings IEEE. IEEE, 2010. (Year: 2010), 9 pages. |
Kataoka et al. Mining Muscle Use Data for Fatigue Reduction in IndyCar. MIT Sloan Sports Analytics Conference. Mar. 4, 2017 [retrieved Oct. 9, 2018]. Retrieved from the Internet, entire document http://www.sloansportconference.com/wp-content/uploads/2017/02/1622.pdf. |
Kegelman, J.C., et al., “Insights into vehicle trajectories at the handling limits: analyzing open data from race car drivers; Taylor & Francis, Vehicle System Dynamics” dated Nov. 3, 2016 (18 pgs.). |
Theodosis, P. et al., “Nonlinear Optimization of a Racing Line for an Autonomous Racecar Using Professional Driving Techniques”, dated Oct. 2012, 7 pages, Citation and abstract, retrieved from the web at: https://www.researchgate.net/publication/267650184. |
Tulabandhula, T. et al. “Tire Changes, Fresh Air, and Yellow Flags: Challenges in Predictive Analytics for Professional Racing” MIT, dated Jun. 2014 (16 pages.). |
Takagahara, K. et al.: “hitoe”—A Wearable Sensor Developed through Cross-industrial Collaboration, NTT Technical Review, dated Sep. 4, 2014 (5 pages.). |
Lee, J.H., et al., “Development of a Novel Tympanic Temperature Monitoring System for GT Car Racing Athletes,” World Congress on Medical Physics and Biomedical Engineering, May 26-31, 2012, Beijing, China, Abstract Only, pp. 2062-2065, dated 2013, (3 pages.)—retrieved from the web at: https://link.springer.com/chapter/10.1007/978-3-642-29305-4_541. |
NTT Innovation Institute, Inc., Global Cyber Threat Intelligence by Kenji Takahashi, Aug. 6, 2016, retrieved on Aug. 16, 2017, retrieved from the Internet, entire document https://www.slideshare.net/ntti3/global-cyber-threat-intelligence. |
How to handle Imbalanced Classification Problems in machine learning?In: Analytics Vidhya. Mar. 17, 2017 (Mar. 17, 2017) Retrieved on Aug. 2, 2019 (Aug. 2, 2019), entire document https://www.analyticsvidhya.com/blog/2017/03/imbalanced-classification-problems/. |
Yen et al. “Cluster-based under-sampling approaches for imbalanced data distributions.” In: Expert Systems with Applications. Apr. 2009 (Apr. 2009) Retrieved on Aug. 2, 2019 (Aug. 2, 2019), entire document http://citeseemist.psu.edu/viewdoc/download?doi=10.1.1.454.35308.rep=rep1&type=pdf. |
Chawla et al. “SMOTE: synthetic minority over-sampling technique.” In: Journal of artificial intelligence research. Jun. 2, 2002 (Jun. 2, 2002) Retrieved on Aug. 2, 2019 (Aug. 2, 2019), entire document https://www.jairorg/index.php/jaidarticle/download/10302J24590. |
Malik et al. “Automatic training data cleaning for text classification.” In: 2011 IEEE 11th international conference on data mining workshops. Dec. 11, 2011 (Dec. 11, 2011) Retrieved on Aug. 2, 2019 (Aug. 2, 2019), entire document http://wwwl.cs.columbia.edu/-hhm2104/papers/atdc.pdf. |
Number | Date | Country | |
---|---|---|---|
20180083988 A1 | Mar 2018 | US |
Number | Date | Country | |
---|---|---|---|
62396591 | Sep 2016 | US |