-
Publication number: US12210621B2
Publication date: 2025-01-28
Application number: US17578670
Filing date: 2022-01-19
Applicant: salesforce.com, inc.
Inventor: Regunathan Radhakrishnan, Vijay Erramilli, Anirudh Kondaveeti
Abstract: Methods, computer readable media, and devices to automatically construct kill-chain from security alerts are disclosed. One method may include collecting a plurality of security alerts, receiving a selection of a high severity security alert associated with a node and a user from among the plurality of security alerts, creating a security narrative for the high severity security alert by providing a set of historical security alerts to a deep learning architecture, the set including security alerts selected based on a relation to the node and the user, and identifying a subset of the set of historical security alerts, including security alerts relevant to the high severity security alert, in a reverse time order by the deep learning architecture, and providing the security narrative as part of a response to the high severity security alert.
-
Publication number: US20230244766A1
Publication date: 2023-08-03
Application number: US17589617
Filing date: 2022-01-31
Applicant: salesforce.com, inc.
Inventor: Vijay Erramilli, Regunathan Radhakrishnan, Anuj Gargeya Malkapuram
IPC: G06F21/31
CPC classification number: G06F21/316
Abstract: A method and system of authenticating a user logon builds a user logon profile with a plurality of user logon features gathered during at least one successful attempted user logon, determines a logon feature novelty score for each feature, receives a user logon request for authentication and extracts current user logon features, retrieves corresponding logon feature novelty scores, determines a first distance function score for the corresponding logon feature novelty scores of the current user logon features, builds a failed logon attempt database, determines a failed logon feature novelty score, extracts the failed logon feature novelty scores corresponding to current user logon features, determines a second distance function score for the corresponding failed logon feature novelty scores of the current user logon features, and determining to one of allow or deny the user logon request based on at least one of the first distance function score and the second distance function score.
-
Publication number: US20230229763A1
Publication date: 2023-07-20
Application number: US17578670
Filing date: 2022-01-19
Applicant: salesforce.com, inc.
Inventor: Regunathan Radhakrishnan, Vijay Erramilli, Anirudh Kondaveeti
CPC classification number: G06F21/554, G06N3/08, G06F2221/034
Abstract: Methods, computer readable media, and devices to automatically construct kill-chain from security alerts are disclosed. One method may include collecting a plurality of security alerts, receiving a selection of a high severity security alert associated with a node and a user from among the plurality of security alerts, creating a security narrative for the high severity security alert by providing a set of historical security alerts to a deep learning architecture, the set including security alerts selected based on a relation to the node and the user, and identifying a subset of the set of historical security alerts, including security alerts relevant to the high severity security alert, in a reverse time order by the deep learning architecture, and providing the security narrative as part of a response to the high severity security alert.
-
Publication number: US20230118341A1
Publication date: 2023-04-20
Application number: US17502536
Filing date: 2021-10-15
Applicant: salesforce.com, inc.
Inventor: Vijay Erramilli, Regunathan Radhakrishnan, Prashant Agrawal
Abstract: Methods, apparatuses, and computer readable media are disclosed. An application server may receive a dataset that includes records associated with user device interactions with a computer system. The application server may modify one or more records according to a data modification metric. The modifying may result in a modified dataset that satisfies a similarity metric defining a permissible deviation between the received dataset and the modified dataset according to a deviation threshold. The data modification metric may satisfy the similarity metric and may define a deviation in the modified dataset that results in an expected classification by the machine learning predictive model to classify the deviation in the modified dataset as an outlier event. The application server may process the modified dataset with the machine learning predictive model to produce a result. The application server may compare the expected classification to the classification to validate the model.
-
Publication number: US11954189B2
Publication date: 2024-04-09
Application number: US17589617
Filing date: 2022-01-31
Applicant: salesforce.com, inc.
Inventor: Vijay Erramilli, Regunathan Radhakrishnan, Anuj Gargeya Malkapuram
IPC: G06F21/31
CPC classification number: G06F21/316
Abstract: A method and system of authenticating a user logon builds a user logon profile with a plurality of user logon features gathered during at least one successful attempted user logon, determines a logon feature novelty score for each feature, receives a user logon request for authentication and extracts current user logon features, retrieves corresponding logon feature novelty scores, determines a first distance function score for the corresponding logon feature novelty scores of the current user logon features, builds a failed logon attempt database, determines a failed logon feature novelty score, extracts the failed logon feature novelty scores corresponding to current user logon features, determines a second distance function score for the corresponding failed logon feature novelty scores of the current user logon features, and determining to one of allow or deny the user logon request based on at least one of the first distance function score and the second distance function score.