THREAT DETECTION NETWORK

Bibliographic Details
Main Authors: PALUMBO, Paolo; AKSELA, Matti; KOMASHINSKIY, Dmitriy
Format: Patent
Language: English, French, German
Published: 06.12.2023

Summary: According to an example embodiment, a threat detection network (10) for monitoring a security threat pertaining to a computer network is provided, the threat detection network (10) comprising a back end system (16) and a plurality of sensors (12) coupled to the back end system (16) via a communication network (14), wherein each sensor (12-k) is arranged to:

- collect data that is descriptive of respective occurrences of one or more predefined events in a respective one of a plurality of nodes of the computer network, wherein each of said events involves a respective interaction of a subject entity operating in the respective node with an object entity associated with the respective node;
- apply one or more predefined anomaly detection models to determine respective anomaly detection scores for a plurality of interactions captured in the collected data;
- arrange at least some of the interactions captured in the collected data into a local activity graph that is descriptive of interactions of one or more subject entities operating in the respective node with one or more object entities associated with the respective node; and
- selectively transmit one or more portions of the local activity graph as respective node status data to the back end system (16) in dependence of the anomaly scores determined for the respective interactions captured in the local activity graph;

and wherein the back end system (16) is arranged to derive, based on respective node status data received from one or more of said plurality of sensors (12), one or more security parameters that are descriptive of the security threat pertaining to the computer network.

Application Number: EP20220176386