-
Publication No.: US10552994B2
Publication Date: 2020-02-04
Application No.: US14859882
Filing Date: 2015-09-21
Applicant: Palantir Technologies Inc.
Inventor: Timothy Yousaf , Drew Dennison , Paul Thoren , Khoa Pham , Eliot Ball , Spencer Tank , John McRaven , Lucas Ray , Jeffrey Tsui
IPC: G06T11/20 , G06F3/0481 , G06F16/332 , G06F16/33 , G06F16/338
Abstract: Embodiments of the present disclosure relate to a data analysis system that may receive data comprising a plurality of raw data items from one or more data sources, such as a monitoring agent located in a monitored network. The received data may be scored using one or more scoring rules and/or algorithms, with raw data items satisfying a score threshold designated as “data item leads.” Raw data items associated with a data item lead may be searched and displayed to the user via an interactive user interface. The data analysis system may be used to execute searches and additional enrichments against the received raw data items. The data analysis system may group received raw data items based upon shared attribute values. The data analysis system may be used to categorize received data and construct timelines, histograms, and/or other visualizations based upon the various attributes of the raw data items.
-
Publication No.: US09043894B1
Publication Date: 2015-05-26
Application No.: US14616080
Filing Date: 2015-02-06
Applicant: Palantir Technologies Inc.
Inventor: Drew Dennison , Geoff Stowe , Adam Anderson
IPC: H04L29/06
CPC classification number: H04L63/145 , G06F17/30867 , G06F21/552 , G06F21/566 , G06F2221/033 , G06N99/005 , H04L63/1408 , H04L63/1425
Abstract: A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve machine learning or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
-
Publication No.: US20190081971A1
Publication Date: 2019-03-14
Application No.: US16186801
Filing Date: 2018-11-12
Applicant: Palantir Technologies Inc.
Inventor: Samuel Jones , Timothy Yousaf , Drew Dennison , Vivek Lakshmanan , Joseph Staehle , Samuel Kremin , Maxim Kesin , Taylor Heroux
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.
-
Publication No.: US10135863B2
Publication Date: 2018-11-20
Application No.: US15378567
Filing Date: 2016-12-14
Applicant: Palantir Technologies Inc.
Inventor: Drew Dennison , Geoff Stowe , Adam Anderson
Abstract: A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve machine learning or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
-
Publication No.: US20170134397A1
Publication Date: 2017-05-11
Application No.: US15378567
Filing Date: 2016-12-14
Applicant: Palantir Technologies Inc.
Inventor: Drew Dennison , Geoff Stowe , Adam Anderson
CPC classification number: H04L63/145 , G06F17/30867 , G06F21/552 , G06F21/566 , G06F2221/033 , G06N99/005 , H04L63/1408 , H04L63/1425
Abstract: A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve machine learning or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
-
Publication No.: US11496509B2
Publication Date: 2022-11-08
Application No.: US16935045
Filing Date: 2020-07-21
Applicant: Palantir Technologies Inc.
Inventor: Drew Dennison , Geoff Stowe , Adam Anderson
Abstract: A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve machine learning or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
-
Publication No.: US10728277B2
Publication Date: 2020-07-28
Application No.: US16148241
Filing Date: 2018-10-01
Applicant: Palantir Technologies Inc.
Inventor: Drew Dennison , Geoff Stowe , Adam Anderson
Abstract: A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve machine learning or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
-
Publication No.: US20190036945A1
Publication Date: 2019-01-31
Application No.: US16148241
Filing Date: 2018-10-01
Applicant: Palantir Technologies Inc.
Inventor: Drew Dennison , Geoff Stowe , Adam Anderson
Abstract: A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve machine learning or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
-
Publication No.: US11580680B2
Publication Date: 2023-02-14
Application No.: US16714283
Filing Date: 2019-12-13
Applicant: Palantir Technologies Inc.
Inventor: Timothy Yousaf , Drew Dennison , Paul Thoren , Khoa Pham , Eliot Ball , Spencer Tank , John McRaven , Lucas Ray , Jeffrey Tsui
IPC: G06F3/0481 , G06F16/33 , G06F16/332 , G06F16/338 , G06T11/20 , G06F21/55 , G06F21/50
Abstract: Embodiments of the present disclosure relate to a data analysis system that may receive data comprising a plurality of raw data items from one or more data sources, such as a monitoring agent located in a monitored network. The received data may be scored using one or more scoring rules and/or algorithms, with raw data items satisfying a score threshold designated as “data item leads.” Raw data items associated with a data item lead may be searched and displayed to the user via an interactive user interface. The data analysis system may be used to execute searches and additional enrichments against the received raw data items. The data analysis system may group received raw data items based upon shared attribute values. The data analysis system may be used to categorize received data and construct timelines, histograms, and/or other visualizations based upon the various attributes of the raw data items.
-
Publication No.: US11470102B2
Publication Date: 2022-10-11
Application No.: US16186801
Filing Date: 2018-11-12
Applicant: Palantir Technologies Inc.
Inventor: Samuel Jones , Timothy Yousaf , Drew Dennison , Vivek Lakshmanan , Joseph Staehle , Samuel Kremin , Maxim Kesin , Taylor Heroux
IPC: H04L9/40 , G06F21/55 , H04L67/306
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.