{
  "patent_number": "US 11606373",
  "country": "US",
  "title": "AI System That Learns Normal Email Use to Spot and Stop Cyber Threats",
  "original_title": "Cyber threat defense system protecting email networks with machine learning models",
  "summary": "This 2023 patent describes an AI system that learns how your company normally uses email and then automatically takes action to stop cyber threats that behave unusually.",
  "what_it_does": "This patent is about a smart computer system designed to protect email networks from cyberattacks. It uses artificial intelligence, specifically machine learning models, that first learn what 'normal' looks like for both email activity and how people use their email within an organization. Then, a 'cyber-threat module' compares incoming emails and user actions against this learned normal behavior. It calculates a 'threat risk parameter' based on how unusual the activity is and if it looks like a known cyber threat pattern. If the risk gets high enough, an 'autonomous response module' automatically takes action to stop the threat, like isolating the suspicious email, without waiting for a person to step in. This system collects activity data using 'probes' and can even analyze the email's content and metadata for malicious signs.",
  "what_it_does_not_cover": [
    "Systems that require a human to manually review every suspicious email before taking action.",
    "Cyber threat detection that only looks at email content and ignores user activity patterns.",
    "Systems that cannot automatically take containment actions when a threat is detected.",
    "Threat detection that doesn't learn and adapt to the specific 'normal' behavior of an organization or user.",
    "Cyber threat defense systems that are not specifically designed for email networks."
  ],
  "filed": "2019-02-19",
  "granted": "2023-03-14",
  "expires": "2039-02-19",
  "status": "active",
  "holder": "Darktrace Holdings",
  "holder_url": "https://patentbrief.org/company/darktrace-holdings",
  "inventors": [
    {
      "name": "Matthew Sherwin",
      "url": "https://patentbrief.org/inventor/matthew-sherwin"
    },
    {
      "name": "Matthew Dunn",
      "url": "https://patentbrief.org/inventor/matthew-dunn"
    },
    {
      "name": "Matthew Ferguson",
      "url": "https://patentbrief.org/inventor/matthew-ferguson"
    }
  ],
  "times_cited": 3,
  "tags": [
    "cybersecurity",
    "software",
    "ai_ml",
    "telecommunications"
  ],
  "abstract": "A cyber defense system using models that are trained on a normal behavior of email activity and user activity associated with an email system. A cyber-threat module may reference the models that are trained on the normal behavior of email activity and user activity. A determination is made of a threat risk parameter that factors in the likelihood that a chain of one or more unusual behaviors of the email activity and user activity under analysis fall outside of a derived normal benign behavior. An autonomous response module can be used, rather than a human taking an action, to cause one or more autonomous rapid actions to be taken to contain the cyber-threat when the threat risk parameter from the cyber-threat module is equal to or above an actionable threshold.",
  "url": "https://patentbrief.org/patent/us/11606373/cyber-threat-defense-system-protecting-email-networks-with-machine-learning-mode",
  "markdown_url": "https://patentbrief.org/patent/us/11606373/cyber-threat-defense-system-protecting-email-networks-with-machine-learning-mode/md",
  "google_patents_url": "https://patents.google.com/patent/US11606373",
  "relatedPatents": [
    {
      "patentNumber": "12438891",
      "countryCode": "US",
      "title": "How Multiple AI Models Detect Unusual Behavior on Computer Networks",
      "url": "https://patentbrief.org/patent/us/12438891/anomaly-detection-based-on-ensemble-machine-learning-model"
    },
    {
      "patentNumber": "10599957",
      "countryCode": "US",
      "title": "How to Automatically Detect and Fix Changes in AI Model Data",
      "url": "https://patentbrief.org/patent/us/10599957/systems-and-methods-for-detecting-data-drift-for-data-used-in-machine-learning-m"
    },
    {
      "patentNumber": "12518214",
      "countryCode": "US",
      "title": "Training AI on Private Data Without Seeing It",
      "url": "https://patentbrief.org/patent/us/12518214/distributed-machine-learning-systems-including-generation-of-synthetic-data"
    },
    {
      "patentNumber": "6370526",
      "countryCode": "US",
      "title": "Smart Ranking of Emails and Files Based on How You Click",
      "url": "https://patentbrief.org/patent/us/6370526/google-adwords-pay-per-click"
    },
    {
      "patentNumber": "10607134",
      "countryCode": "US",
      "title": "How AI Learns to Control Game Characters Based on Their Surroundings",
      "url": "https://patentbrief.org/patent/us/10607134/artificially-intelligent-systems-devices-and-methods-for-learning-andor-using-an-avatars-circumstances-for-autonomous-avatar-operation"
    }
  ]
}