BlackBerry has filed a patent for a computer-implemented method that processes event log data. The method involves converting the event log into a graph, normalizing the event records, representing them as nodes in the graph, and generating event clusters based on common attributes and hierarchical relationships. The graph is then used to detect threat or suspicious activities.
According to GlobalData’s company profile on BlackBerry, adaptive video coding was a key innovation area identified from patents. BlackBerry's grant share as of September 2023 was 67%. Grant share is based on the ratio of number of grants to total number of patents.
The patent is filed for a method to process event log data
A recently filed patent (Publication Number: US20230315884A1) describes a computer-implemented method for detecting threat or suspicious activities using event logs from computer systems. The method involves receiving an event log that contains multiple event records describing events that have occurred on the computer systems over a period of time. The event log is then converted into a graph using specific conversion algorithms for each operating system (OS) running on the computer systems at the time the event records were created.
The conversion process includes normalizing the event records by anonymizing unique identifier values and replacing variable values with predetermined values. Each normalized event record is represented as one or more nodes in the graph. The method also involves generating event clusters based on common attributes and hierarchical relationships between the normalized event records. These event clusters form aggregated groups of nodes in the graph.
The graph generated from the event log is then used to detect threat or suspicious activities. This detection process can involve applying a predetermined set of rules over the graph to determine if the event records contain specific event attributes. These rules can be defined by different entities, such as cybersecurity experts or tenant administrators. The specific event attributes can include process name, command line expression, file path, user name, or event category.
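The normalize, cluster and rule steps described above, as an added Python example that is not taken from the patent or from any BlackBerry code. The record fields, the placeholder tokens (`<USER>`, `<GUID>`, `<NUM>`), the clustering key and the sample events are assumptions constructed for illustration, and only one record shape is handled rather than one converter per OS.

```python
import re
from collections import defaultdict

GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
NUM = re.compile(r"\b\d+\b")
# Constructed sample records for one host; field names are assumptions.
EVENTS = [
    {"pid": 100, "ppid": 1, "user": "alice", "process": "winword.exe",
     "cmdline": r"winword.exe C:\Users\alice\report-4471.docx"},
    {"pid": 200, "ppid": 100, "user": "alice", "process": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Users\alice\3f2504e0-4f89-11d3-9a0c-0305e82c3301.ps1"},
    {"pid": 300, "ppid": 2, "user": "bob", "process": "winword.exe",
     "cmdline": r"winword.exe C:\Users\bob\report-982.docx"},
    {"pid": 400, "ppid": 300, "user": "bob", "process": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Users\bob\9b2e1c7a-0d4f-4e6b-8a3c-5f1d2e7b9c04.ps1"},
    {"pid": 500, "ppid": 3, "user": "bob", "process": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 600, "ppid": 500, "user": "bob", "process": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Users\bob\0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d.ps1"},
]

def normalize(rec):
    """Anonymize unique identifiers and replace variable values with fixed tokens."""
    cmd = rec["cmdline"].replace(rec["user"], "<USER>")
    cmd = NUM.sub("<NUM>", GUID.sub("<GUID>", cmd))  # GUIDs first, then bare numbers
    return {"process": rec["process"].lower(), "cmdline": cmd, "user": "<USER>"}

def build_graph(events):
    """Return normalized nodes by pid, parent->children edges, and event clusters."""
    nodes = {e["pid"]: normalize(e) for e in events}
    parent_of = {e["pid"]: e["ppid"] for e in events if e["ppid"] in nodes}
    children = defaultdict(list)
    for child, parent in parent_of.items():
        children[parent].append(child)
    clusters = defaultdict(list)
    for pid, n in nodes.items():
        # Cluster key: common attributes plus the hierarchical relation (parent process).
        parent = nodes.get(parent_of.get(pid), {}).get("process")
        clusters[(parent, n["process"], n["cmdline"])].append(pid)
    return nodes, children, clusters

def match_rule(nodes, children, parent_name, child_name):
    """Rule over the graph: child nodes with a given process name under a given parent."""
    return sorted(c for p, cs in children.items() if nodes[p]["process"] == parent_name
                  for c in cs if nodes[c]["process"] == child_name)

if __name__ == "__main__":
    nodes, children, clusters = build_graph(EVENTS)
    for key, pids in clusters.items():
        print(len(pids), key)
    print("rule hits:", match_rule(nodes, children, "winword.exe", "powershell.exe"))
```

After normalization the two users' records collapse into shared clusters, while the same command line under a different parent process stays in its own cluster.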
Additionally, the method can involve generating training data from the graph to train a machine learning model. This trained model can then be used to predict threat or suspicious activities based on the event log or feature information derived from the event log. The training data can be generated by sampling event records using dataset balancing techniques.
The patent also describes the conversion of the event log into a compacted representation with a hierarchical tree structure format. This format can provide a bottom-up or top-down view of processes and their relationships within the event log.
The patent further includes claims for a computer-implemented system and a computer-readable medium storing instructions that perform operations similar to those described in the method claims.
In summary, this patent proposes a method and system for detecting threat or suspicious activities using event logs from computer systems. The method involves converting the event log into a graph, generating event clusters, and applying rules or machine learning techniques to detect these activities. The system and computer-readable medium claims provide implementations of the method.