WO2019077440A1 - VIRTUAL COGNITIVE DETECTOR - Google Patents

VIRTUAL COGNITIVE DETECTOR Download PDF

Info

Publication number
WO2019077440A1
WO2019077440A1 PCT/IB2018/057830 IB2018057830W WO2019077440A1 WO 2019077440 A1 WO2019077440 A1 WO 2019077440A1 IB 2018057830 W IB2018057830 W IB 2018057830W WO 2019077440 A1 WO2019077440 A1 WO 2019077440A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
virtual agent
program
processors
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2018/057830
Other languages
English (en)
French (fr)
Inventor
Evelyn Duesterwald
Guillaume Antonin BAUDART
David John PIORKOWSKI
Julian Timothy DOLBY
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IBM China Investment Co Ltd
IBM United Kingdom Ltd
International Business Machines Corp
Original Assignee
IBM China Investment Co Ltd
IBM United Kingdom Ltd
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IBM China Investment Co Ltd, IBM United Kingdom Ltd, International Business Machines Corp filed Critical IBM China Investment Co Ltd
Priority to CN201880067127.1A priority Critical patent/CN111213161B/zh
Priority to JP2020520029A priority patent/JP7083559B2/ja
Priority to GB2007194.0A priority patent/GB2581741A/en
Publication of WO2019077440A1 publication Critical patent/WO2019077440A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/02User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail using automatic reactions or user delegation, e.g. automatic replies or chatbot-generated messages
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/30Semantic analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/451Execution arrangements for user interfaces
    • G06F9/453Help systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • G06N20/20Ensemble learning
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/004Artificial life, i.e. computing arrangements simulating life
    • G06N3/006Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N7/00Computing arrangements based on specific mathematical models
    • G06N7/01Probabilistic graphical models, e.g. probabilistic networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1813Arrangements for providing special services to substations for broadcast or conference, e.g. multicast for computer conferences, e.g. chat rooms
    • H04L12/1818Conference organisation arrangements, e.g. handling schedules, setting up parameters needed by nodes to attend a conference, booking network resources, notifying involved parties
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0681Configuration of triggering conditions

Definitions

  • a model-based agent can handle partially observable environments. Its current state is stored inside the agent maintaining some kind of structure which describes the part of the world which cannot be seen. This knowledge about "how the world works” is called a model of the world, hence the name "model-based agent.”
  • a model-based reflex agent should maintain some sort of internal model that depends on the percept history and thereby reflects at least some of the unobserved aspects of the current state. Percept history and impact of action on the environment can be determined by using internal model. It then chooses an action in the same way as reflex agent.
  • Virtual agents are increasingly being deployed in enterprises to handle interactions with customers or with employees. As these virtual agents are taking on more functions in enterprises, they are increasingly becoming a target for attack (for example, spam, extraction, poisoning, and evasion attacks). Therefore, there is a need in the art to address the aforementioned problem.
  • Figure 2 is a flowchart depicting operational steps of a program for detecting and mitigating adversarial conversations with virtual agents, in accordance with an embodiment of the present invention.
  • Figure 3 illustrates an example of a program for detecting and mitigating adversarial conversations with virtual agents, in accordance with an embodiment of the present invention.
  • Computing device 110 may be a desktop computer, a laptop computer, a tablet computer, a specialized computer server, a smartphone, a wearable device (e.g., smart watch, personal fitness device, personal safety device), or any programmable computer system known in the art with an interactive display or any other computer system known in the art.
  • computing device 110 represents a computer system utilizing clustered computers and components that act as a single pool of seamless resources when accessed through network 185, as is common in data centers and with cloud computing applications.
  • computing device 110 is representative of any programmable electronic device or combination of programmable electronic devices capable of executing machine-readable program instructions and communicating with other computer devices via a network.
  • An I/O device interfacing with graphical user interface 130 may be connected to computing device 110, which may operate utilizing wired (e.g., USB port) or wireless network communications (e.g., infrared, NFC, etc.).
  • Computing device 110 may include components, as depicted and described in further detail with respect to Figure 4, in accordance with embodiments of the present invention.
  • Storage 160 (e.g., a database) located on computing device 110, represents any type of storage device capable of storing data that is accessed and utilized by computing device 110. In other embodiments, storage 160 represents multiple storage devices within computing device 110. Storage 160 stores information such as, but not limited to, account information, credentials for authentication, user preferences, lists of preferred users, previously visited websites, history of visited Wi-Fi portals, and the history of the location of the computing device.
  • Handshaking facilitates connecting heterogeneous computing systems, or equipment, over a communication channel without the need for user intervention to set parameters.
  • server 120 initiates the handshake process by sending a massage to computing device 110 indicating that server 120 wants to establish a communication channel in order to gain access to programs on computing device 110.
  • bot shield database 182 stores information from a Markov detection model.
  • bot shield database 182 stores historical information, flagged as inappropriate, of unlikely interactions between a virtual agent and a user.
  • Bot shield database 182 stores the history of the transition frequencies from the dialog states between a user and a virtual agent.
  • Deception engine 190 is a sub program of program 200 that automatically adjusts the fidelity of a response, to a user, by virtual agent program 175 to deter a potential attack. Deception engine 190 mitigates attacks by changing the fidelity, or exactness, of model responses without altering original dialog flow with a user. Deception engine 190 changes the exactness of the model responses given to a user by selecting a fidelity level of response according to the current user risk scores. The higher the user risk, the lower the precision of the model response given to the high-risk user.
  • deception engine 190 in response to high-risk activity by a user, changes the fidelity of the response consistent with the risk level of the user.
  • deception engine 190 changes the fidelity of the model response to "please reenter your credit card number to confirm.”
  • Deception engine 190 is triggered if the user risk score passes a certain predefined threshold. In an embodiment, deception engine 190 triggers mitigation actions based on the specific risk level of a user and the fact that a specific threshold was passed based on the user responses to virtual agent program 175.
  • deception engine 190 redirects the user to a honeypot model.
  • deception engine 190 uses a model that mimics the functionality of the original model, but is trained with data that is loosely representative of the original baseline truth, but is similar enough to fool an attacker. Deceptive responses by deception engine 190 can help invalidate the already extracted information in the attacker.
  • deception engine 190 changes the fidelity of model responses without altering the original dialogue flow with a user.
  • deception engine 190 slows or disrupts the information accumulation in a hypothetical adversary.
  • deception engine 190 escalates the conversation to a human responder.
  • program 200 operates as a code snippet within one or more applications on computing device 110.
  • Code snippets define the scope of interactivity between the snippets and the application, (e.g., program 200 hosted by a web browser application on server 120).
  • program 200 is a function within web browser 150, and the processes of program 200 occur automatically (i.e., without user intervention) during operation of web browser 150 as initiated by program 200.
  • the dynamic code snippet elements provide scripting support.
  • the variables enable dialog between program 200, through server 120, graphical user interface 130, web browser 150, and virtual agent program 175.
  • program 200 is capable of being implemented as an independent anomaly detection system that is capable of interfacing with the dialogue system of virtual agent program 175 to provide conversation security.
  • Program 200 detects anomalous and suspicious conversations by leveraging conversational context through preceding model queries by a conversation.
  • program 200 can operate as a plug-in for virtual agent as a monitoring capability operating on conversation logs.
  • the anomaly detection subsystem could be used as a stand-alone program to feed an operation dashboard with anomaly monitoring results.
  • deception engine 190 and probe 195 are integrated with or cooperate with the dialogue runtime as deception engine 190 and probe 195 are manipulating conversation flow with a user.
  • Each subsystem is extensible and able to learn from the encounters with various attackers. Extensible means that additional detection models are capable of being implemented to program 200, additional mitigation responses are capable of being added to program 200, and additional probe choices are capable of being added to program 200.
  • program 200 computes a risk value for a user utilizing the Markov detection module individually.
  • program 200 computes a high-risk value for a user because the dialog log entry to the virtual agent is characteristic of known attacks.
  • the dialog log entry by the user conforms to the pattern of a known attack and is deemed intrusive.
  • Program 200 uses the similarity of the log entry to known attacks to compute a high-risk value to the user.
  • program 200 merges the risk scores from the individual detection models into a single risk score, R, using a weighted ensemble function. The weights of the function may be adapted over time.
  • Program 200 updates the user risk score in the virtual agent using the merged risk value.
  • Program 200 incrementally updates all the anomaly detection models in the ensemble using the dialogue log entry.
  • program 200 receives a dialog log entry and utilizes a combination of two anomaly detection models to compute a risk score for a user.
  • Program 200 utilizes the timing anomaly detection model to determine that the response time by the user is consistent with the timing pattern associated with a known attacker.
  • Program 200 assigns an individual risk score, "r1” based on the timing anomaly detection model.
  • Program 200 utilizes the dialog progression anomaly detection model to determine that the dialog log entry to the virtual agent are consistent with a dialog progression pattern of a known attacker.
  • Program 200 assigns an individual risk score, "r2” based on the dialog progression anomaly model.
  • Program 200 assesses an "R" score that exceeds the threshold as determined by the institution in this example. Domain models 320 was trained on sensitive data, and contains confidential information. Program 200 also assigns an "R” score to adversary 315 based upon the adversarial inputs, as determined by program 200, in response to virtual nurse 375.
  • step 230 program 200 permits access. More specifically, in response to determining that the risk score does not pass a threshold (decision step 220, "no" branch), program 200 permits access to virtual agent program 175 (step 230). In this example, program 200 determines that the risk value, as determined in step 210, does not meet a threshold value "R.” In an example, program 200 analyzes each utterance by a user to virtual agent program 175 and determine that the responses are by a human. Program 200 accesses bot shield database 182 and views a history of similar utterances that were determined to be human with high confidence. Based upon the exactness of the utterances and the consistency of the responses with a history of acceptable responses, program 200 allows a user access to virtual program 175.
  • Program 200 activates a mitigation actions that terminate the conversation by stating "I am not trained on this- for further help please call 1-800"
  • Program 200 intervenes each time the user risk score passes the "high risk” threshold, based upon the "R" value assigned in step 210.
  • Program 200 changes the dialogue flow and redirects virtual nurse 375's response to a previously generated low fidelity response to mitigate the interaction between adversary 315 and virtual nurse 375.
  • program 200 delays the response to a user in accordance with the user's response to the probe or the calculated risk score.
  • a user's utterances to virtual nurse 375 become increasingly similar with known patterns of high-risk utterances.
  • Program 200 increases the risk score of the user proportionally to each high-risk response. As the risk score gets higher, program 200 introduces a longer delay before sending a response back to the user.
  • Fidelity level 1 is the highest level and is consistent with the original response by virtual agent 175 to a human user with a low risk score, fidelity level 2 would be lower, fidelity level 3 is even lower, up to fidelity level N, as determined by institutional or user preferences.
  • program 200 is capable of generating lower fidelity responses through creating additional models that result in lower fidelity responses to a perceived attacker.
  • Program 200 is capable of using a progressive model dilution. Diluting a model is a method that uses a previously trained model as the ground truth for the diluted model. As a result, program 200, through deception engine 190, makes the previously trained model a less accurate version of the baseline truth in the original model.
  • Program 200 is capable of infinitely chaining each low-fidelity response to a progressively lower fidelity response.
  • program 200 responsive to determining that the risk value passes a threshold (decision step 220, "yes" branch), program 200 performs mitigating actions in response to a spam attack.
  • program 200 determines, based on the signature response to a threshold high fidelity question presented by virtual nurse 375.
  • Program 200 assists virtual nurse to validate that adversary 315 is an attacker by providing increasingly lower fidelity questions to adversary 315.
  • Program 200 presents adversary 315 with a fidelity level 3 question.
  • Program 200 determines that adversary 315 is bot generated spam traffic attempting to drive up operations cost for the virtual agent based on the incomprehensible responses to the questions presented by program 200.
  • program 200 uses probe 195 to quickly develop a risk score for a user or to further analyze an indeterminate user and assign a risk score as a function of the further analysis by probe 195.
  • Program 200 ranks available probes by plausibility to occur in a normal conversation.
  • Program 200 injects occasional probes based on the current risk score of a user and program 200 can adjust the strength and need for a probe, and the frequency of injection based on the current risk score of a user.
  • Program 200 evaluates the response by a user to a probe and updates the risk score accordingly, or program 200 can employ further probes.
  • Program 200 adds information to bot shield database 182 as a function of the information provided by probe 195.
  • Program 200 through probe 195, sends out a request or other form of inquiry to get more information back from the user in response to the probe.
  • Program 200 through probe 195, is capable of intervening in a conversation between a user and virtual nurse 375 to further assess a risk score as assigned to the user.
  • program 200 interjects into a conversation and directly requests that the user to prove that the user is a human through one or more probes, such as a "Captchas.”
  • program 200 employs probe 195 in response to a new user, or a user with no signature history of responses stored in bot shield database 182. Probe 195 may be engaged at a low frequency by program 200.
  • program 200 employs a probe to verbal utterances by a user and inserts phrases such as, "I'm sorry I am not trained on this, could you please rephrase," "Did you mean X?" (where X is something that virtual agent program 175 is highly confident that X is not what the previous user utterance was related to, i.e., negative confirmation), or program 200 can utilize probe 195 to employ a superfluous question that requires more than a "yes” or "no” answer and that relates to the current context, (e.g., "when did you first acquire your car” in a conversation about car insurance).
  • program 200 responsive to determining that the risk value passes a threshold (decision step 220, "yes" branch), performs mitigating actions in response to a poisoning attack.
  • virtual nurse 375 continuously learns through production use. The more interaction that virtual nurse 375 has with "good” users the better that virtual nurse 375 functions and the more virtual nurse 375 evolves.
  • program 200 determines, based on the utterances by adversary 315, that adversary 315 is altering virtual nurse 375's training data. Program 200 determines that the topics of conversation imitated, and continued, by adversary 315 are driving the conversation, originally resigned to health care topics, off course into unrelated topic areas.
  • I/O interface(s) 412 allows for input and output of data with other devices that may be connected to server 120.
  • I/O interface 412 may provide a connection to external devices 418 such as a keyboard, keypad, a touch screen, and/or some other suitable input device.
  • External devices 418 can also include portable computer readable storage media such as, for example, thumb drives, portable optical or magnetic disks, and memory cards.
  • Software and data used to practice embodiments of the present invention, e.g., program 200 can be stored on such portable computer readable storage media and can be loaded onto persistent storage 408 via I/O interface(s) 412.
  • I/O interface(s) 412 also connect to a display 420.
  • Display 420 provides a mechanism to display data to a user and may be, for example, a computer monitor.
  • the present invention may be a system, a method, and/or a computer program product.
  • the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
  • Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
  • the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers.
  • a network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.
  • These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s).
  • the functions noted in the block may occur out of the order noted in the figures.
  • two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Artificial Intelligence (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Mathematical Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Algebra (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computational Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Molecular Biology (AREA)
  • Human Computer Interaction (AREA)
  • Computer And Data Communications (AREA)
  • User Interface Of Digital Computer (AREA)
PCT/IB2018/057830 2017-10-18 2018-10-10 VIRTUAL COGNITIVE DETECTOR Ceased WO2019077440A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201880067127.1A CN111213161B (zh) 2017-10-18 2018-10-10 认知虚拟检测器
JP2020520029A JP7083559B2 (ja) 2017-10-18 2018-10-10 コグニティブ仮想検出器
GB2007194.0A GB2581741A (en) 2017-10-18 2018-10-10 Cognitive virtual detector

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/786,888 2017-10-18
US15/786,888 US10574598B2 (en) 2017-10-18 2017-10-18 Cognitive virtual detector

Publications (1)

Publication Number Publication Date
WO2019077440A1 true WO2019077440A1 (en) 2019-04-25

Family

ID=66096155

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/057830 Ceased WO2019077440A1 (en) 2017-10-18 2018-10-10 VIRTUAL COGNITIVE DETECTOR

Country Status (5)

Country Link
US (2) US10574598B2 (enExample)
JP (1) JP7083559B2 (enExample)
CN (1) CN111213161B (enExample)
GB (1) GB2581741A (enExample)
WO (1) WO2019077440A1 (enExample)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10574598B2 (en) 2017-10-18 2020-02-25 International Business Machines Corporation Cognitive virtual detector
JP2021174276A (ja) * 2020-04-27 2021-11-01 Kddi株式会社 判定装置、判定方法及び判定プログラム
US11386226B2 (en) 2019-10-21 2022-07-12 International Business Machines Corporation Preventing leakage of selected information in public channels

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11024085B2 (en) * 2016-07-09 2021-06-01 Doubleme, Inc. Electronic system and method for three-dimensional mixed-reality space and experience construction and sharing
US10423873B2 (en) * 2017-12-01 2019-09-24 International Business Machines Corporation Information flow analysis for conversational agents
US10521462B2 (en) * 2018-02-27 2019-12-31 Accenture Global Solutions Limited Virtual services rapid deployment tool
US11429725B1 (en) * 2018-04-26 2022-08-30 Citicorp Credit Services, Inc. (Usa) Automated security risk assessment systems and methods
CN108897848A (zh) * 2018-06-28 2018-11-27 北京百度网讯科技有限公司 机器人互动方法、装置及设备
US10893072B2 (en) * 2018-08-17 2021-01-12 Paypal, Inc. Using cloned accounts to track attacks on user accounts
US11182557B2 (en) * 2018-11-05 2021-11-23 International Business Machines Corporation Driving intent expansion via anomaly detection in a modular conversational system
KR20210099564A (ko) * 2018-12-31 2021-08-12 인텔 코포레이션 인공 지능을 이용한 보안 시스템
US11368470B2 (en) * 2019-06-13 2022-06-21 International Business Machines Corporation Real-time alert reasoning and priority-based campaign discovery
CA3085098A1 (en) * 2019-06-27 2020-12-27 Royal Bank Of Canada Image recognition reverse tuning test system
US10896664B1 (en) * 2019-10-14 2021-01-19 International Business Machines Corporation Providing adversarial protection of speech in audio signals
CN111953710B (zh) * 2020-08-25 2021-08-27 四川中电启明星信息技术有限公司 一种基于大数据的终端设备虚拟代理系统及方法
CN111818096B (zh) * 2020-08-31 2020-12-22 北京安帝科技有限公司 网络协议解析方法和装置
CN113468264B (zh) * 2021-05-20 2024-02-20 杭州趣链科技有限公司 一种基于区块链的中毒防御和中毒溯源的联邦学习方法和装置
US11947694B2 (en) 2021-06-29 2024-04-02 International Business Machines Corporation Dynamic virtual honeypot utilizing honey tokens and data masking
US12321428B2 (en) * 2021-07-08 2025-06-03 Nippon Telegraph And Telephone Corporation User authentication device, user authentication method, and user authentication computer program
CN113656271B (zh) * 2021-08-10 2024-06-07 上海浦东发展银行股份有限公司 用户异常行为的处理方法、装置、设备及存储介质
US11558506B1 (en) * 2021-09-27 2023-01-17 Nice Ltd. Analysis and matching of voice signals
US20230147451A1 (en) * 2021-11-08 2023-05-11 Intelepeer Methods and systems for generating a virtual graph of multi channel communications
US12284211B2 (en) * 2023-02-02 2025-04-22 Advanced Security Technologies Asia Pte. Ltd. Cyber clone of a computing entity
US20250330481A1 (en) * 2023-09-29 2025-10-23 F5, Inc. Methods for security control and devices thereof
US12028359B1 (en) * 2023-10-25 2024-07-02 Coalition, Inc. Method of ranking and address network threats

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7716247B2 (en) * 2006-12-18 2010-05-11 Microsoft Corporation Multi-protocol access to files and directories
US20130031042A1 (en) * 2011-07-27 2013-01-31 Sintayehu Dehnie Distributed assured network system (DANS)
US20150071088A1 (en) * 2013-09-06 2015-03-12 Qualcomm Incorporated Pipelining Registration and Conflict Detection in Dual-SIM-Dual-Active Communication Device Coexistence

Family Cites Families (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3734206B2 (ja) * 1998-05-01 2006-01-11 インターナショナル・ビジネス・マシーンズ・コーポレーション エージェント対話管理方法、コンピュータ及び記憶媒体
US7136860B2 (en) 2000-02-14 2006-11-14 Overture Services, Inc. System and method to determine the validity of an interaction on a network
US8566102B1 (en) * 2002-03-28 2013-10-22 At&T Intellectual Property Ii, L.P. System and method of automating a spoken dialogue service
JP2007525087A (ja) 2003-06-27 2007-08-30 アコニクス・システムズ・インコーポレイテッド アクティブ受信及びアクティブ警告でのコンテクスト依存の転送
US20070299915A1 (en) * 2004-05-02 2007-12-27 Markmonitor, Inc. Customer-based detection of online fraud
US7444379B2 (en) 2004-06-30 2008-10-28 International Business Machines Corporation Method for automatically setting chat status based on user activity in local environment
US8145708B2 (en) 2006-11-10 2012-03-27 Microsoft Corporation On-line virtual robot (bot) security agent
WO2010078614A1 (en) * 2009-01-08 2010-07-15 Relevancenow Pty Limited Chatbots
US8260465B2 (en) 2009-07-17 2012-09-04 Rain Bird Corporation Data communication in a multi-wire irrigation control system
CA2675664A1 (en) 2009-08-28 2009-11-05 Ibm Canada Limited - Ibm Canada Limitee Escalation of user identity and validation requirements to counter a threat
US8279779B2 (en) * 2009-12-10 2012-10-02 Verizon Patent And Licensing Inc. Method and system for virtual agent session monitoring and barge-in
US9058486B2 (en) * 2011-10-18 2015-06-16 Mcafee, Inc. User behavioral risk assessment
CA3122358C (en) * 2012-05-02 2023-10-03 Safeop Surgical Inc. System, method, and computer algorithm for characterization and classification of electrophysiological evoked potentials
EP2883204B1 (en) * 2012-08-10 2020-10-07 Nuance Communications, Inc. Virtual agent communication for electronic devices
WO2014088912A1 (en) 2012-12-06 2014-06-12 The Boeing Company Context aware network security monitoring for threat detection
US20140164532A1 (en) * 2012-12-11 2014-06-12 Nuance Communications, Inc. Systems and methods for virtual agent participation in multiparty conversation
US9189742B2 (en) * 2013-11-20 2015-11-17 Justin London Adaptive virtual intelligent agent
EP3195066B1 (en) * 2014-09-06 2019-08-07 Mazebolt Technologies Ltd. Non-disruptive ddos testing
US20160071517A1 (en) * 2014-09-09 2016-03-10 Next It Corporation Evaluating Conversation Data based on Risk Factors
IL235423A0 (en) * 2014-10-30 2015-01-29 Ironscales Ltd Method and system for mitigating targeted phishing attacks
US9900336B2 (en) * 2014-11-03 2018-02-20 Vectra Networks, Inc. System for detecting threats using scenario-based tracking of internal and external network traffic
US9954891B2 (en) * 2015-05-18 2018-04-24 Verizon Digital Media Services Inc. Unobtrusive and dynamic DDoS mitigation
JP6028839B1 (ja) 2015-07-16 2016-11-24 日本電気株式会社 通信装置、通信処理方法、プログラム
US10791072B2 (en) 2015-09-14 2020-09-29 Fujitsu Limited Generating conversations for behavior encouragement
US10664741B2 (en) * 2016-01-14 2020-05-26 Samsung Electronics Co., Ltd. Selecting a behavior of a virtual agent
JP6232456B2 (ja) 2016-02-02 2017-11-15 エヌ・ティ・ティ・コミュニケーションズ株式会社 制御装置、緩和システム、制御方法及びコンピュータプログラム
US20170242886A1 (en) * 2016-02-19 2017-08-24 Jack Mobile Inc. User intent and context based search results
US20170277792A1 (en) * 2016-03-24 2017-09-28 Cyber-Ark Software Ltd. Adaptive response generation on an endpoint
US9812127B1 (en) * 2016-04-29 2017-11-07 Conduent Business Services, Llc Reactive learning for efficient dialog tree expansion
US11250841B2 (en) * 2016-06-10 2022-02-15 Conduent Business Services, Llc Natural language generation, a hybrid sequence-to-sequence approach
US10193923B2 (en) * 2016-07-20 2019-01-29 Duo Security, Inc. Methods for preventing cyber intrusions and phishing activity
US20180054523A1 (en) * 2016-08-16 2018-02-22 Rulai, Inc. Method and system for context sensitive intelligent virtual agents
US20180075014A1 (en) * 2016-09-11 2018-03-15 Xiaojiang Duan Conversational artificial intelligence system and method using advanced language elements
US11206248B2 (en) * 2016-09-23 2021-12-21 Ncr Corporation Multifactor authentication from messaging systems
US20180114527A1 (en) * 2016-10-25 2018-04-26 IPsoft Incorporated Methods and systems for virtual agents
US10904288B2 (en) * 2017-04-18 2021-01-26 Perspecta Labs Inc. Identifying and deceiving adversary nodes and maneuvers for attack deception and mitigation
US10762201B2 (en) * 2017-04-20 2020-09-01 Level Effect LLC Apparatus and method for conducting endpoint-network-monitoring
US10817670B2 (en) * 2017-05-10 2020-10-27 Oracle International Corporation Enabling chatbots by validating argumentation
US20190068527A1 (en) * 2017-08-28 2019-02-28 Moveworks, Inc. Method and system for conducting an automated conversation with a virtual agent system
US10673787B2 (en) * 2017-10-03 2020-06-02 Servicenow, Inc. Virtual agent conversation service
US10574598B2 (en) 2017-10-18 2020-02-25 International Business Machines Corporation Cognitive virtual detector

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7716247B2 (en) * 2006-12-18 2010-05-11 Microsoft Corporation Multi-protocol access to files and directories
US20130031042A1 (en) * 2011-07-27 2013-01-31 Sintayehu Dehnie Distributed assured network system (DANS)
US20150071088A1 (en) * 2013-09-06 2015-03-12 Qualcomm Incorporated Pipelining Registration and Conflict Detection in Dual-SIM-Dual-Active Communication Device Coexistence

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10574598B2 (en) 2017-10-18 2020-02-25 International Business Machines Corporation Cognitive virtual detector
US11206228B2 (en) 2017-10-18 2021-12-21 International Business Machines Corporation Cognitive virtual detector
US11386226B2 (en) 2019-10-21 2022-07-12 International Business Machines Corporation Preventing leakage of selected information in public channels
JP2021174276A (ja) * 2020-04-27 2021-11-01 Kddi株式会社 判定装置、判定方法及び判定プログラム
JP7349404B2 (ja) 2020-04-27 2023-09-22 Kddi株式会社 判定装置、判定方法及び判定プログラム

Also Published As

Publication number Publication date
US10574598B2 (en) 2020-02-25
GB2581741A (en) 2020-08-26
JP7083559B2 (ja) 2022-06-13
GB202007194D0 (en) 2020-07-01
US20200153763A1 (en) 2020-05-14
US11206228B2 (en) 2021-12-21
CN111213161A (zh) 2020-05-29
US20190116136A1 (en) 2019-04-18
JP2021500645A (ja) 2021-01-07
CN111213161B (zh) 2023-11-10

Similar Documents

Publication Publication Date Title
US11206228B2 (en) Cognitive virtual detector
EP3989505B1 (en) Dynamically injecting security awareness training prompts into enterprise user flows
US10460102B2 (en) Cognitive learning to counter security threats for kinematic actions in robots
Bock et al. {unCaptcha}: A {Low-Resource} Defeat of {reCaptcha's} Audio Challenge
US20230291761A1 (en) Monitoring and Preventing Remote User Automated Cyber Attacks
US9747436B2 (en) Method, system, and device of differentiating among users based on responses to interferences
CN108780475B (zh) 用于虚拟辅助的个性化推论认证
US9531701B2 (en) Method, device, and system of differentiating among users based on responses to interferences
US9069942B2 (en) Method and device for confirming computer end-user identity
EP3523743B1 (en) Detection of compromised devices via user states
CN109983745A (zh) 使用具有自然语言接口的自动机器人程序来改善安全警报响应和调解的响应时间的安全系统和方法
EP3992824B1 (en) Bayesian continuous user authentication
US12130943B1 (en) Generative artificial intelligence model personally identifiable information detection and protection
CA3170593A1 (en) Detection of phishing websites using machine learning
Huang et al. AI Agents in Offensive Security
JP7320462B2 (ja) アクセス権に基づいてコンピューティングデバイス上でタスクを実行するシステムおよび方法
US20240427862A1 (en) Unauthorized Activity Detection Based on Input Analysis and Monitoring
US20220269781A1 (en) Intelligent Friction for Authentication Methods and Systems
Snodgrass et al. An Empirical Study of Alexa Skill System from Malicious Skill Developers
Проценко et al. MOBILE APPLICATION SECURITY ANALYSIS MODEL BASED ON ARTIFICIAL INTELLIGENCE
CN119357952A (zh) 窃取攻击行为检测方法、装置、设备及存储介质
Costa Security threats management in android systems
Holstein Analysis of Attack Methods with Artificial Intelligence
Shuvo et al. Suspicious Behavior Detection Framework for Social Networking Sites Using Hidden Markov Model
Wang et al. SmartBackdoor: Malicious Language Model Agents that Avoid Being Caught

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18867511

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020520029

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 202007194

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20181010

122 Ep: pct application non-entry in european phase

Ref document number: 18867511

Country of ref document: EP

Kind code of ref document: A1

ENPC Correction to former announcement of entry into national phase, pct application did not enter into the national phase

Ref country code: GB