{
  "patent_number": "US 12438891",
  "country": "US",
  "title": "How Multiple AI Models Detect Unusual Behavior on Computer Networks",
  "original_title": "Anomaly detection based on ensemble machine learning model",
  "summary": "This patent describes a computer system that uses several artificial intelligence models working together to spot unusual and potentially dangerous activity from users or devices on a computer network.",
  "what_it_does": "This patent details a method for detecting anomalies in a computer network by processing event data. First, a computer system receives 'event data' related to an 'entity' on the network and analyzes it to create 'feature scores' for that entity (Claim 1). These scores are then stored in a unique 'entity profile.' Next, the system feeds these feature scores into multiple individual 'machine-learning models,' each generating an 'intermediate anomaly score.' Finally, an 'ensemble learning model' combines these intermediate scores to produce a single 'anomaly score' for the entity. If this final anomaly score meets a specific threshold, the system flags an anomaly, which could indicate a security threat like malware communication (Claim 2). For example, if a user's login times, data transfer volumes, and accessed websites suddenly change, each change might generate a feature score. These scores are then evaluated by several AI models, and their combined output determines if the user's behavior is truly suspicious.",
  "what_it_does_not_cover": [
    "Does not cover anomaly detection systems that do not create a unique 'entity profile' for each network participant.",
    "Does not cover systems that use only a single machine-learning model to generate the final anomaly score, because the claim requires 'a plurality of machine-learning models' and an 'ensemble learning model' (Claim 1).",
    "Does not cover methods that do not generate 'intermediate anomaly scores' from individual feature scores before combining them.",
    "Does not cover anomaly detection that is not based on 'event data' associated with an entity on a computer network (Claim 1).",
    "Does not cover systems that detect anomalies without first generating 'feature scores' from the event data (Claim 1)."
  ],
  "filed": "2022-02-18",
  "granted": "2025-10-07",
  "expires": "2042-02-18",
  "status": "active",
  "holder": "Cisco Technology",
  "holder_url": "https://patentbrief.org/company/cisco-technology",
  "inventors": [
    {
      "name": "Christos Tryfonas",
      "url": "https://patentbrief.org/inventor/christos-tryfonas"
    },
    {
      "name": "Joseph Auguste Zadeh",
      "url": "https://patentbrief.org/inventor/joseph-auguste-zadeh"
    },
    {
      "name": "Ashwin Athalye",
      "url": "https://patentbrief.org/inventor/ashwin-athalye"
    },
    {
      "name": "Alexander Beebe Bond",
      "url": "https://patentbrief.org/inventor/alexander-beebe-bond"
    },
    {
      "name": "Sudhakar Muddu",
      "url": "https://patentbrief.org/inventor/sudhakar-muddu"
    }
  ],
  "times_cited": 0,
  "tags": [
    "cybersecurity",
    "software",
    "telecommunications",
    "ai_ml",
    "consumer_electronics"
  ],
  "abstract": "A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.",
  "url": "https://patentbrief.org/patent/us/12438891/anomaly-detection-based-on-ensemble-machine-learning-model",
  "markdown_url": "https://patentbrief.org/patent/us/12438891/anomaly-detection-based-on-ensemble-machine-learning-model/md",
  "google_patents_url": "https://patents.google.com/patent/US12438891",
  "relatedPatents": [
    {
      "patentNumber": "11606373",
      "countryCode": "US",
      "title": "AI System That Learns Normal Email Use to Spot and Stop Cyber Threats",
      "url": "https://patentbrief.org/patent/us/11606373/cyber-threat-defense-system-protecting-email-networks-with-machine-learning-mode"
    },
    {
      "patentNumber": "10599957",
      "countryCode": "US",
      "title": "How to Automatically Detect and Fix Changes in AI Model Data",
      "url": "https://patentbrief.org/patent/us/10599957/systems-and-methods-for-detecting-data-drift-for-data-used-in-machine-learning-m"
    },
    {
      "patentNumber": "12518214",
      "countryCode": "US",
      "title": "Training AI on Private Data Without Seeing It",
      "url": "https://patentbrief.org/patent/us/12518214/distributed-machine-learning-systems-including-generation-of-synthetic-data"
    },
    {
      "patentNumber": "7664715",
      "countryCode": "US",
      "title": "How Caterpillar Compresses Heavy Machinery Data Using Neural Networks",
      "url": "https://patentbrief.org/patent/us/7664715/apparatus-and-method-for-compressing-data-apparatus-and-method-for-analyzing-data-and-data-management-system"
    },
    {
      "patentNumber": "10452978",
      "countryCode": "US",
      "title": "How AI Models Understand Language Using 'Attention'",
      "url": "https://patentbrief.org/patent/us/10452978/transformer-attention-mechanism"
    }
  ]
}