Abstract: An artificial intelligence driven threat detection system, comprising an artificial intelligence-based analysis module to detect unusual patterns indicative of cyber threats; a data collection unit comprising sensors and logging arrangements to gather real-time data and to transmit this data to the AI-based analysis module; a threat alert unit coupled to the AI-based analysis module to generate and send immediate warnings to designated security teams; an automated response module integrated with the threat alert unit to minimize response time and potential damage; a contextual analysis engine within the AI-based analysis module to prioritize threats based on severity and provide detailed insights for threat assessment; and an encrypted data management unit to protect sensitive information across diverse devices and networks.
Description:
FIELD OF THE INVENTION
[0001] The present invention relates to an artificial intelligence driven threat detection system that detects cyber threats and enables their mitigation, thereby improving threat prioritization, ensuring secure data handling, minimizing response time and automating mitigation actions.
BACKGROUND OF THE INVENTION
[0002] With the increasing digitization of businesses and the proliferation of network-connected devices, cyber threats have become more frequent, sophisticated, and damaging. Malicious actors exploit vulnerabilities in network infrastructures, user accounts, and connected devices to launch attacks such as malware infections, phishing scams, ransomware, and unauthorized intrusions, causing significant financial and operational losses.
[0003] Traditional cybersecurity measures often rely on signature-based detection, manual rule configurations, and periodic updates. Such approaches are slow to react to novel threat patterns that do not match existing signatures. Moreover, many existing solutions lack the ability to adapt autonomously to evolving threat landscapes.
[0004] WO2018049437A2 discloses an Artificial Intelligence System (AIS) within a distributed computer network, the AIS being configured to manage and neutralise cybersecurity threats by recording data pertaining to existing cybersecurity threats (which include threats, vulnerabilities and mutations thereof) and countermeasures effective against such known threats and vulnerabilities, scanning the network for new threats and vulnerabilities, iteratively developing and applying countermeasures to a new threat or vulnerability until an effective countermeasure is found, and recording the threat or vulnerability together with the effective countermeasure.
[0005] KR102674186B1 discloses a security enhancement system for intelligent personalized integrated threat management through artificial intelligence analysis. The system creates a secure, security-enhanced infrastructure within a smart home and addresses the security issue that is the biggest barrier in the smart home market through a big data system based on in-memory data and an artificial intelligence engine based on distributed processing. To that end, the system includes: an IoT device comprising at least one electronic device and a sensor within a certain range of a smart home; at least one smart device carried or worn by a user; an integrated threat management device that performs intelligent personalized integrated threat management through a smart home security network, connecting the IoT device and the smart device by wired or wireless means for data communication between them; and a policy management server that builds a database of traffic information for the devices on the security network from the integrated threat management device and updates and manages security policy information in real time through deep learning based on that traffic information.
[0006] Conventionally, many systems suffer from high false positive rates, delayed threat response, and limited automation in mitigation, which increases the workload on cybersecurity personnel and reduces overall effectiveness in preventing breaches.
[0007] In order to overcome the aforementioned drawbacks, there exists a need in the art for a system capable of leveraging artificial intelligence and machine learning to monitor network activity continuously, identify emerging threats, prioritize risk based on context, and execute automated responses.
OBJECTS OF THE INVENTION
[0008] The principal object of the present invention is to overcome the disadvantages of the prior art.
[0009] An object of the present invention is to develop a system capable of monitoring network activity, user actions, and device behavior to identify potential cyber threats in real time, thereby enhancing network security.
[0010] Another object of the present invention is to develop a system that employs machine learning protocols to adaptively learn normal behavior patterns and detect novel and evolving cyber threats without requiring manual updates.
[0011] Another object of the present invention is to develop a system that provides immediate alerts to administrators or security personnel, thereby enabling rapid response and mitigation.
[0012] Another object of the present invention is to develop an automated response module to minimize damage and reduce response time.
[0013] Another object of the present invention is to develop a system to ensure encrypted collection, transmission, and storage of sensitive data from diverse network devices, complying with data privacy standards.
[0014] Yet another object of the present invention is to develop a recovery control unit to safely restore network operations, preventing further damage during the recovery phase.
[0015] The foregoing and other objects, features, and advantages of the present invention will become readily apparent upon further review of the following detailed description of the preferred embodiment as illustrated in the accompanying drawings.
SUMMARY OF THE INVENTION
[0016] The present invention relates to an artificial intelligence driven threat detection system that continuously monitors network environments to identify cyber threats, and automatically initiates mitigation actions, thereby minimizing damage and enhancing network security.
[0017] According to an embodiment of the present invention, an artificial intelligence driven threat detection system comprises an artificial intelligence-based analysis module that detects unusual patterns indicative of cyber threats and uses machine learning to learn normal behavior patterns for each device and user, improving its ability to spot new kinds of threats over time, and a data collection unit comprising sensors and logging arrangements to gather real-time data and to transmit this data to the AI-based analysis module.
[0018] According to an embodiment of the present invention, the system further comprises a threat alert unit coupled to the AI-based analysis module to generate and send immediate warnings to designated security teams, the AI-based analysis module further using threat detection data to tighten access controls during an attack; an automated response module integrated with the threat alert unit to minimize response time and potential damage; a contextual analysis engine within the AI-based analysis module to prioritize threats based on severity and provide detailed insights for threat assessment; an encrypted data management unit to protect sensitive information across diverse devices and networks; and a recovery control unit that works with the threat alert unit to prevent further damage during the restoration process.
BRIEF DESCRIPTION OF THE DRAWINGS
[0019] These and other features, aspects, and advantages of the present invention will become better understood with regard to the following description, appended claims, and accompanying drawings where:
Figure 1 illustrates a flow chart of an artificial intelligence driven threat detection system.
DETAILED DESCRIPTION OF THE INVENTION
[0020] The following description includes the preferred best mode of one embodiment of the present invention. It will be clear from this description of the invention that the invention is not limited to these illustrated embodiments but that the invention also includes a variety of modifications and embodiments thereto. Therefore, the present description should be seen as illustrative and not limiting. While the invention is susceptible to various modifications and alternative constructions, it should be understood, that there is no intention to limit the invention to the specific form disclosed, but, on the contrary, the invention is to cover all modifications, alternative constructions, and equivalents falling within the spirit and scope of the invention as defined in the claims.
[0021] In any embodiment described herein, the open-ended terms "comprising," "comprises," and the like (which are synonymous with "including," "having" and "characterized by") may be replaced by the respective partially closed phrases "consisting essentially of," "consists essentially of," and the like, or by the respective closed phrases "consisting of," "consists of," and the like.
[0022] As used herein, the singular forms “a,” “an,” and “the” designate both the singular and the plural, unless expressly stated to designate the singular only.
[0023] The present invention relates to an artificial intelligence driven threat detection system that detects cyber threat in an automated manner, thereby enhancing operational safety and minimizing cybersecurity risks.
[0024] Referring to Figure 1, a flow chart of an artificial intelligence driven threat detection system is illustrated.
[0025] The system disclosed herein includes an AI analysis module that utilizes machine learning protocols to establish and continuously refine behavioral profiles unique to each device and user within the network. Initially, the AI analysis module collects extensive data on normal patterns of network usage, including typical login times, common accessed resources, standard communication endpoints, and routine device activities. Over time, this data is processed to build a comprehensive baseline model for each user and device, capturing their expected behavior in diverse contexts.
[0026] By learning these normal behavior patterns, the module enhances its ability to identify subtle anomalies that may signal emerging or previously unseen threats. Unlike traditional signature-based detection methods that require manual updates, the AI Analysis Module autonomously updates its understanding of normal and abnormal behaviors as the network environment evolves.
[0027] The machine learning protocols included in the AI analysis module analyze real-time data to detect anomalous patterns deviating from established norms. These deviations indicate potential cyber threats such as malware infiltration, phishing attempts, unauthorized access, or hacking activities. The machine learning protocols are designed to learn and update their understanding dynamically through ongoing training processes.
[0028] In practice, the machine learning protocols ingest network traffic data, user login patterns, file access logs, and device operation metrics to establish baseline behavioral profiles. Deviations such as unusual data transfers, irregular login times, or unexpected device commands trigger alerts for further inspection. By maintaining a constantly evolving knowledge base, the module improves detection accuracy and reduces false positives over time.
[0029] The system further includes a data collection unit that plays a critical role in enabling comprehensive threat detection by feeding the AI-based analysis module with real-time information. The data collection unit comprises multiple sensors and logging arrangements deployed across the network infrastructure, including on-premise computers, cloud-based platforms, and Internet of Things (IoT) devices.
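The per-principal baseline and deviation logic described in [0025] to [0028], written out as an added example that is not part of the patent: a baseline is learned per user from events assumed benign (active hours, touched resources, outbound-volume distribution) and live events are scored against it. The event format, the sample events and the z-score threshold are assumptions chosen for illustration.

```python
"""Per-principal behavioural baselines and deviation scoring.

Added example, not code from the patent. The event format (principal, hour,
bytes_out, resource), the sample events and the thresholds are assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training events: benign activity observed during the learning phase.
TRAINING_EVENTS = [
    {"principal": "alice", "hour": 9,  "bytes_out": 12_000, "resource": "wiki"},
    {"principal": "alice", "hour": 10, "bytes_out": 20_000, "resource": "crm"},
    {"principal": "alice", "hour": 11, "bytes_out": 15_000, "resource": "wiki"},
    {"principal": "alice", "hour": 14, "bytes_out": 30_000, "resource": "crm"},
    {"principal": "alice", "hour": 16, "bytes_out": 18_000, "resource": "wiki"},
    {"principal": "bob",   "hour": 8,  "bytes_out": 5_000,  "resource": "git"},
    {"principal": "bob",   "hour": 9,  "bytes_out": 8_000,  "resource": "git"},
    {"principal": "bob",   "hour": 13, "bytes_out": 6_000,  "resource": "git"},
]

# Constructed live events: one benign, three that should deviate from baseline.
LIVE_EVENTS = [
    {"principal": "alice",   "hour": 10, "bytes_out": 20_000,  "resource": "wiki"},
    {"principal": "alice",   "hour": 3,  "bytes_out": 900_000, "resource": "wiki"},
    {"principal": "bob",     "hour": 9,  "bytes_out": 6_000,   "resource": "hr-db"},
    {"principal": "mallory", "hour": 9,  "bytes_out": 1_000,   "resource": "wiki"},
]


def build_baselines(events):
    """Learn one baseline per principal: active hours, touched resources and
    the outbound-volume distribution. Training data is assumed benign."""
    by_principal = defaultdict(list)
    for ev in events:
        by_principal[ev["principal"]].append(ev)
    baselines = {}
    for principal, evs in by_principal.items():
        sizes = [e["bytes_out"] for e in evs]
        avg = mean(sizes)
        baselines[principal] = {
            "hours": {e["hour"] for e in evs},
            "resources": {e["resource"] for e in evs},
            "mean_bytes": avg,
            # Floor the spread so a flat training set does not turn every
            # small fluctuation into a many-sigma event.
            "std_bytes": max(pstdev(sizes), 0.1 * avg, 1.0),
        }
    return baselines


def score_event(event, baselines, z_threshold=3.0):
    """Return the list of reasons an event deviates from its principal's
    baseline; an empty list means the event looks normal."""
    base = baselines.get(event["principal"])
    if base is None:
        return ["no baseline for principal (never seen during learning)"]
    reasons = []
    if event["hour"] not in base["hours"]:
        reasons.append(f"activity at hour {event['hour']} outside learned hours")
    z = (event["bytes_out"] - base["mean_bytes"]) / base["std_bytes"]
    if z > z_threshold:
        reasons.append(f"outbound volume z-score {z:.1f} exceeds {z_threshold}")
    if event["resource"] not in base["resources"]:
        reasons.append(f"first access to resource {event['resource']!r}")
    return reasons


def detect(events, baselines):
    """Run every live event against the baselines; keep only the deviating ones."""
    findings = []
    for ev in events:
        reasons = score_event(ev, baselines)
        if reasons:
            findings.append((ev["principal"], reasons))
    return findings


if __name__ == "__main__":
    for principal, reasons in detect(LIVE_EVENTS, build_baselines(TRAINING_EVENTS)):
        print(principal, "->", "; ".join(reasons))
```

Two points a practitioner should note: the training window must be trusted to be benign, otherwise an attacker already present is baked into "normal"; and the floor on the standard deviation is what keeps a principal with very regular behaviour from paging on every trivial change, which is the false-positive problem [0028] refers to.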
[0030] Each sensor is designed to monitor various forms of network activity, such as incoming and outgoing traffic, login attempts, file access events, and communication patterns. Logging arrangements capture user interactions like access to sensitive files, execution of privileged commands, and unusual connection behaviors. In addition, the data collection unit monitors device-specific parameters, including CPU usage, memory activity, and operational status, helping identify abnormal behavior indicative of compromise or misuse.
[0031] All the gathered data is continuously streamed to the artificial intelligence-based analysis module. The collected data provides the necessary input for the analysis module to detect cyber threats through pattern recognition, anomaly detection, and contextual evaluation.
[0032] By integrating diverse sources of network and device activity, the data collection unit ensures that the AI-based analysis module has a full and current picture of the network’s operational status.
[0033] A threat alert unit is included in the system that operates in coordination with the AI-based analysis module to provide immediate notification upon the detection of any potential threat. The threat alert unit is coupled to the analysis module and is configured to receive real-time threat indicators derived from the continuous monitoring of network activity, user behavior, and device performance.
[0034] Once the analysis module identifies an anomaly or behavior consistent with known or emerging cyber threats, such as unauthorized access attempts, abnormal data transfers, or interaction with malicious entities, the threat alert unit is triggered. Upon activation, the threat alert unit generates alerts that encapsulate key threat details including the type of threat, affected devices or users, threat severity, and time of detection.
[0035] By providing detailed, context-aware alerts in real-time, the threat alert unit enables administrators and automated systems to act immediately to isolate threats, prevent further intrusion, and initiate containment procedures.
[0036] A functionality is included within the AI-based analysis module that enables real-time blocking of suspicious users, enhancing the network's defensive posture during active cyber threats. When a threat is detected, the AI-based analysis module evaluates the origin and nature of the suspicious behavior using its updated machine learning protocols. If the behavior is consistent with known attack vectors such as repeated failed login attempts, abnormal access to sensitive files, or commands executed outside of a user's normal profile, the AI-based analysis module classifies the user or device as a threat actor.
[0037] Immediately upon classification, the AI-based analysis module triggers an access control adjustment procedure. This procedure includes revoking user credentials, terminating current sessions, isolating the affected device from the network, or modifying permissions to restrict further access. These actions are executed automatically, in real-time, without requiring human intervention, limiting the potential spread or impact of the threat.
[0038] An automated response module is included in the system that operates in coordination with the threat alert unit to execute predefined mitigation actions as soon as a cyber threat is detected and confirmed. The automated response module receives real-time alerts from the AI-based analysis module whenever a suspicious activity or confirmed threat is identified.
[0039] Upon receipt of a threat alert, the module refers to a predefined set of threat-response protocols that correspond to the nature and severity of the detected anomaly. These protocols are established based on organizational policies and customized to suit different network environments.
[0040] In addition, the automated response module continuously updates its mitigation procedures based on new threats and lessons learned from past incidents, either through administrator input or feedback loops from the AI-based analysis module.
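The access control adjustment of [0036] and [0037] and the playbook-driven automated response of [0038] to [0040], as one added example that is not the patent's own code. The threat categories, the playbook table and the simulated control plane (credential revocation, session termination, device isolation, IP blocking) are assumptions standing in for whatever identity provider, EDR or network API a real deployment exposes; the point is that every automatic action is selected from a predefined table, is idempotent, and leaves an audit trail.

```python
"""Playbook-driven automated response against a simulated control plane.

Added example, not the patent's own code. The threat categories, the playbook
table and the ControlPlane methods are assumptions standing in for whatever
identity provider, EDR or network API a real deployment exposes."""
from dataclasses import dataclass

SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Assumed organisational playbooks, keyed by (category, severity). Steps run in order.
PLAYBOOKS = {
    ("credential_stuffing", "medium"): ["kill_sessions"],
    ("credential_stuffing", "high"): ["kill_sessions", "revoke_credentials"],
    ("exfiltration", "high"): ["block_ip", "kill_sessions"],
    ("exfiltration", "critical"): ["isolate_device", "block_ip", "revoke_credentials"],
    ("malware", "high"): ["isolate_device"],
}


@dataclass
class ThreatAlert:
    category: str
    severity: str
    principal: str
    device: str
    remote_ip: str = ""


class ControlPlane:
    """Simulated identity and network controls. Every call is idempotent and
    appended to an audit trail, which is what an incident review needs."""

    def __init__(self):
        self.revoked, self.killed, self.isolated, self.blocked = set(), set(), set(), set()
        self.audit = []

    def revoke_credentials(self, principal):
        self.revoked.add(principal)
        self.audit.append(f"revoke_credentials {principal}")

    def kill_sessions(self, principal):
        self.killed.add(principal)
        self.audit.append(f"kill_sessions {principal}")

    def isolate_device(self, device):
        self.isolated.add(device)
        self.audit.append(f"isolate_device {device}")

    def block_ip(self, ip):
        self.blocked.add(ip)
        self.audit.append(f"block_ip {ip}")


def select_playbook(alert):
    """Use the playbook defined for the alert's severity; if the organisation
    has only written one for a lower severity of the same category, fall back
    to it rather than doing nothing. Unknown categories get no automatic steps."""
    if alert.severity not in SEVERITY_ORDER:
        return []
    idx = SEVERITY_ORDER.index(alert.severity)
    for sev in reversed(SEVERITY_ORDER[: idx + 1]):
        steps = PLAYBOOKS.get((alert.category, sev))
        if steps:
            return list(steps)
    return []


def respond(alert, cp):
    """Execute the selected playbook and return the steps actually taken.
    A step whose required input is missing is skipped and logged, not faked."""
    actions = {
        "revoke_credentials": lambda: cp.revoke_credentials(alert.principal),
        "kill_sessions": lambda: cp.kill_sessions(alert.principal),
        "isolate_device": lambda: cp.isolate_device(alert.device),
        "block_ip": lambda: cp.block_ip(alert.remote_ip),
    }
    executed = []
    for step in select_playbook(alert):
        if step == "block_ip" and not alert.remote_ip:
            cp.audit.append("skip block_ip: alert carries no remote_ip")
            continue
        actions[step]()
        executed.append(step)
    if not executed:
        cp.audit.append(f"no automatic response for {alert.category}/{alert.severity}; escalate to analyst")
    return executed


if __name__ == "__main__":
    cp = ControlPlane()
    print(respond(ThreatAlert("exfiltration", "critical", "alice", "ws-42", "203.0.113.7"), cp))
    print("\n".join(cp.audit))
```

The fallback to a lower-severity playbook and the explicit "escalate to analyst" entry are the two failure modes worth designing for: an alert category nobody wrote a playbook for must not silently do nothing, and an automatic action must never run on data the alert does not actually carry (here, blocking an empty IP).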
[0041] The system further includes a contextual analysis engine embedded within the AI-based analysis module. This engine is designed to enhance the accuracy and relevance of threat detection by correlating identified anomalies with a range of contextual data points. Upon receiving behavioral data from the data collection unit and anomaly signals from the AI detection layer, the contextual analysis engine evaluates the threat by considering several dynamic and static parameters such as user roles, device types, network topology and historical behavior.
[0042] By integrating these contextual factors, the engine assigns a threat severity score to each detected event. The scoring allows the system to prioritize incidents that present the most serious or immediate risk, ensuring that limited human response resources focus on the most critical issues first.
[0043] The contextual analysis engine also provides detailed diagnostic insights and justifications for each prioritization decision. These insights are relayed to system administrators via the threat alert unit.
[0044] Furthermore, the contextual analysis engine continuously refines its threat correlation logic through feedback loops. When administrators confirm, dismiss, or adjust threat classifications, the engine incorporates these decisions into its future evaluations.
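The severity scoring and feedback loop of [0041] to [0044], as an added example that is not the patent's own code. The anomaly signals are combined with role, device type, network segment and incident history into a score and a severity bucket, every score carries its justification, and analyst verdicts tune the per-signal weights. The weight tables, bucket thresholds and the anomaly record format are assumptions.

```python
"""Contextual severity scoring with an analyst feedback loop.

Added example, not the patent's own code. The weight tables, bucket
thresholds and the anomaly record format are assumptions."""

ROLE_WEIGHT = {"admin": 1.0, "service": 0.8, "contractor": 0.7, "engineer": 0.6, "staff": 0.4}
DEVICE_WEIGHT = {"domain_controller": 1.0, "server": 0.8, "iot": 0.6, "workstation": 0.5}
SEGMENT_WEIGHT = {"core": 1.0, "dmz": 0.8, "office": 0.5, "guest": 0.3}
BUCKETS = [(2.0, "critical"), (1.2, "high"), (0.6, "medium"), (0.0, "low")]


class ContextualScorer:
    def __init__(self):
        # Per-signal weights start neutral (1.0) and are tuned by analyst verdicts.
        self.signal_weight = {}

    def _w(self, signal):
        return self.signal_weight.get(signal, 1.0)

    def score(self, anomaly):
        """anomaly: {"signals": [...], "role": str, "device": str,
        "segment": str, "prior_incidents": int}. Returns the score, its
        severity bucket and a readable justification for the prioritisation."""
        base = sum(self._w(s) for s in anomaly["signals"])
        role = ROLE_WEIGHT.get(anomaly["role"], 0.5)
        device = DEVICE_WEIGHT.get(anomaly["device"], 0.5)
        segment = SEGMENT_WEIGHT.get(anomaly["segment"], 0.5)
        context = (role + device + segment) / 3
        # Repeat offenders are escalated, capped so history cannot dominate.
        prior = anomaly.get("prior_incidents", 0)
        history = 1.0 + 0.25 * min(prior, 4)
        raw = base * context * history
        severity = next(label for threshold, label in BUCKETS if raw >= threshold)
        justification = [
            f"signals {anomaly['signals']} contribute {base:.2f}",
            f"context factor {context:.2f} (role={anomaly['role']}, "
            f"device={anomaly['device']}, segment={anomaly['segment']})",
            f"history factor {history:.2f} ({prior} prior incidents)",
        ]
        return {"score": round(raw, 2), "severity": severity, "justification": justification}

    def feedback(self, anomaly, verdict):
        """Analyst verdict on a scored anomaly: 'confirmed' raises the weight of
        the signals that fired, 'dismissed' lowers it. Weights are clamped to
        [0.2, 2.0] so a run of verdicts can neither silence nor saturate a signal."""
        delta = {"confirmed": 0.1, "dismissed": -0.1}.get(verdict, 0.0)
        for s in anomaly["signals"]:
            self.signal_weight[s] = min(2.0, max(0.2, self._w(s) + delta))


def prioritise(scorer, anomalies):
    """Most severe first, so limited analyst time goes to the top of the list."""
    scored = [dict(a, **scorer.score(a)) for a in anomalies]
    return sorted(scored, key=lambda x: x["score"], reverse=True)


if __name__ == "__main__":
    scorer = ContextualScorer()
    queue = [
        {"signals": ["off_hours_login", "volume_spike"], "role": "staff",
         "device": "workstation", "segment": "guest", "prior_incidents": 0},
        {"signals": ["off_hours_login", "volume_spike"], "role": "admin",
         "device": "domain_controller", "segment": "core", "prior_incidents": 0},
    ]
    for item in prioritise(scorer, queue):
        print(item["severity"], item["score"], "|", "; ".join(item["justification"]))
```

In this example the learned weights are per signal and global, so a series of dismissed off-hours alerts on guest workstations also lowers the contribution of that signal for an administrator on a domain controller; the context factor still keeps the administrator case ranked above it. A deployment that wants dismissals to stay local to one role or segment would key the weights on (signal, context) instead.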
[0045] The system further comprises an encrypted data management unit that is configured to handle all stages of data flow between the data collection unit and the AI-based analysis module. The unit is responsible for applying end-to-end encryption protocols to data as soon as it is collected from various sources, such as endpoint devices, cloud servers, or IoT systems.
[0046] In addition to encryption, the data management unit enforces strict data validation and integrity checks. These arrangements verify that data has not been altered or corrupted during transit, validating digital signatures or cryptographic hashes associated with each data packet.
[0047] To align with global and industry-specific data privacy standards such as GDPR, HIPAA, or ISO/IEC 27001, the data management unit incorporates rule-based access controls, logging of data handling activities, and anonymization techniques when processing personally identifiable information (PII).
[0048] Furthermore, the encrypted data management unit supports secure key management practices. Encryption keys are stored in hardened, access-controlled environments, and are rotated periodically to prevent key compromise. Multi-factor authentication is also implemented for any administrative access to key infrastructure.
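The integrity and key-management side of [0045] to [0048], as an added example that is not the patent's own code: each data packet carries a key identifier and an HMAC-SHA256 tag, the receiver rejects altered packets, replays and packets under a retired key, and keys are rotated with a short grace window so packets sealed just before a rotation still verify. The packet format, the key-id scheme and the grace policy are assumptions, and the example uses only the standard library, which has no AEAD cipher; a production collector would additionally wrap the body in an AEAD such as AES-GCM for confidentiality and keep the keys in an HSM or KMS rather than in process memory.

```python
"""Authenticated data packets with a rotating key ring and replay check.

Added example, not the patent's own code. Demonstrates per-packet MAC,
key ids, key rotation with a grace window and sequence-number replay
rejection using only the standard library. The packet format and the grace
policy are assumptions; confidentiality (an AEAD such as AES-GCM) and
hardware-backed key storage are out of scope here."""
import hashlib
import hmac
import json
import secrets


class KeyRing:
    """Current MAC key plus the most recent retired keys, so packets sealed
    just before a rotation still verify during the grace window."""

    def __init__(self, grace_keys=1):
        self.keys = {}          # kid -> 32-byte key
        self.order = []         # kids, oldest first
        self.grace_keys = grace_keys
        self.generation = 0
        self.rotate()

    @property
    def current_id(self):
        return self.order[-1]

    def rotate(self):
        """Install a fresh key and drop keys older than the grace window."""
        self.generation += 1
        kid = f"k{self.generation:03d}"
        self.keys[kid] = secrets.token_bytes(32)
        self.order.append(kid)
        while len(self.order) > self.grace_keys + 1:
            del self.keys[self.order.pop(0)]
        return kid


def _canonical(obj):
    # Deterministic encoding so sender and receiver MAC identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def seal(payload, ring, seq):
    """header + payload, followed by an HMAC-SHA256 tag under the current key."""
    body = _canonical({"hdr": {"kid": ring.current_id, "seq": seq}, "payload": payload})
    tag = hmac.new(ring.keys[ring.current_id], body, hashlib.sha256).hexdigest()
    return body + b"." + tag.encode()


class Receiver:
    def __init__(self, ring):
        self.ring = ring
        self.last_seq = -1

    def open(self, packet):
        """Return (payload, reason); payload is None when the packet is rejected.
        Checks run in the order: well-formed, known key, valid tag, not replayed."""
        try:
            body, _, tag = packet.rpartition(b".")
            msg = json.loads(body)
            kid, seq = msg["hdr"]["kid"], msg["hdr"]["seq"]
            if not isinstance(seq, int):
                raise TypeError("seq must be an integer")
        except (ValueError, KeyError, TypeError):
            return None, "malformed packet"
        key = self.ring.keys.get(kid)
        if key is None:
            return None, f"unknown or retired key {kid}"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return None, "bad tag: packet altered in transit or forged"
        if seq <= self.last_seq:
            return None, f"replay: seq {seq} not after {self.last_seq}"
        self.last_seq = seq
        return msg["payload"], "ok"


if __name__ == "__main__":
    ring = KeyRing()
    rx = Receiver(ring)
    pkt = seal({"host": "ws-42", "cpu": 97}, ring, 1)
    print(rx.open(pkt))
    print(rx.open(pkt))  # same packet again is a replay
```

The tag is checked with `hmac.compare_digest` rather than `==` so verification time does not leak how many tag bytes matched, and the key lookup happens before the MAC so a packet under a pruned key is refused outright instead of being computed against a key that no longer exists.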
[0049] The present invention works best in the following manner. The data collection unit is deployed throughout all relevant digital environments. It comprises hardware-based and protocol-based logging arrangements and sensors configured to continuously monitor user behavior, network activity, system logs, device states, and traffic patterns in real time. The gathered data is securely transmitted using the encrypted data management unit, which ensures end-to-end encryption during transmission and storage to protect sensitive information. The encrypted data is then relayed to the AI-based analysis module for further evaluation. The artificial intelligence-based analysis module receives the input and processes it using pre-trained and continuously learning machine learning models. The module compares current activity against learned behavioral baselines for each user and device, updating its threat models over time. Upon detection of suspicious activity or anomalies, the analysis module transfers the classified threat data to the contextual analysis engine, which enhances detection accuracy by considering contextual variables such as the user's typical behavior, role, device type, connection geography, and historical interaction patterns.
[0050] In continuation, once a high-severity threat is identified, the threat alert unit is activated, generating a detailed threat notification containing the type, source, target, and suggested response. Simultaneously, the automated response module engages to initiate predefined countermeasures: based on the threat category, it isolates infected nodes from the network and blocks communications with known malicious IPs. The recovery control unit remains dormant until the threat alert unit confirms complete isolation of the attack. Once containment is verified, the recovery control unit initiates system recovery processes such as restoring from secure backups, reinitializing interrupted services, and validating file integrity using stored hashes. Throughout this process, the AI-based analysis module learns from each detected event and response outcome, enhancing future detection accuracy and response effectiveness.
[0051] Although the field of the invention has been described herein with limited reference to specific embodiments, this description is not meant to be construed in a limiting sense. Various modifications of the disclosed embodiments, as well as alternate embodiments of the invention, will become apparent to persons skilled in the art upon reference to the description of the invention.
Claims:
1) An artificial intelligence driven threat detection system, comprising:
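The recovery step of [0050], as an added example that is not the patent's own code: the recovery control unit does nothing until containment is confirmed, then checks every file against a hash manifest recorded before the incident, restores mismatched or missing files from backup, and refuses a backup whose own hash does not match the manifest (a backup that was tampered with must not be written back). Files and backups are in-memory byte strings constructed for the example, and the containment flag stands in for the signal the threat alert unit would provide.

```python
"""Recovery control gated on confirmed containment, with hash-verified restore.

Added example, not the patent's own code. Files and backups are constructed
in-memory byte strings, the manifest is a path -> SHA-256 map recorded before
the incident, and containment_confirmed stands in for the threat alert unit's
signal."""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "known good" contents from before the incident, and their manifest.
ORIGINALS = {
    "/etc/sshd_config": b"PermitRootLogin no\n",
    "/srv/app/main.py": b"print('hello')\n",
    "/srv/app/config.yml": b"debug: false\n",
}
MANIFEST = {path: sha256(content) for path, content in ORIGINALS.items()}

# Constructed post-incident state: sshd_config altered, config.yml deleted.
LIVE_FILES = {
    "/etc/sshd_config": b"PermitRootLogin yes\n",
    "/srv/app/main.py": b"print('hello')\n",
}

# Constructed backup store: the config.yml backup was itself tampered with.
BACKUPS = {
    "/etc/sshd_config": ORIGINALS["/etc/sshd_config"],
    "/srv/app/main.py": ORIGINALS["/srv/app/main.py"],
    "/srv/app/config.yml": b"debug: true\n",
}


class RecoveryControlUnit:
    def __init__(self, manifest, backups):
        self.manifest = manifest
        self.backups = backups
        self.state = "dormant"

    def run(self, containment_confirmed, live_files):
        """Verify every manifest entry; restore mismatches from backup, but only
        accept a backup whose digest also matches the manifest. Returns a report.
        Nothing is touched until containment is confirmed."""
        report = {"status": "waiting_for_containment", "verified": [], "restored": [], "unrecoverable": []}
        if not containment_confirmed:
            self.state = "dormant"
            return report
        self.state = "recovering"
        for path, expected in sorted(self.manifest.items()):
            current = live_files.get(path)
            if current is not None and sha256(current) == expected:
                report["verified"].append(path)
                continue
            backup = self.backups.get(path)
            if backup is not None and sha256(backup) == expected:
                live_files[path] = backup
                report["restored"].append(path)
            else:
                # Missing backup, or a backup that does not match the manifest:
                # never write it back, flag the path for manual recovery.
                report["unrecoverable"].append(path)
        report["status"] = "partial" if report["unrecoverable"] else "recovered"
        self.state = "complete" if report["status"] == "recovered" else "needs_operator"
        return report


if __name__ == "__main__":
    rcu = RecoveryControlUnit(MANIFEST, BACKUPS)
    files = dict(LIVE_FILES)
    print(rcu.run(False, files)["status"])   # gated: nothing happens
    print(rcu.run(True, files))
```

The manifest is only as trustworthy as its storage: it has to be written before the incident and held somewhere the attacker could not reach (the same append-only or offline location the backups live in), otherwise an intruder who can rewrite both the file and its recorded hash passes verification.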
i) an artificial Intelligence-Based analysis module that continuously monitors network activity, user actions, and device behavior across a networked environment, utilizing machine learning protocols to detect unusual patterns indicative of cyber threats such as malware, phishing, or hacking attempts, and capable of adapting to new threat patterns through ongoing training;
ii) a data collection unit comprising sensors and logging arrangements deployed across computers, cloud servers, and Internet of Things (IoT) devices, configured to gather real-time data on network traffic, user interactions, and device states, and to transmit this data to the AI-based analysis module for processing and analysis;
iii) a threat alert unit communicatively coupled to the AI-based analysis module, designed to generate and send immediate warnings to designated system components, administrators, or security teams when a potential threat is identified, enabling rapid response to mitigate risks;
iv) an automated response module integrated with the threat alert system, configured to execute predefined mitigation actions upon receiving a threat alert, such as isolating compromised devices, blocking malicious IP addresses, or restricting suspicious network traffic, to minimize response time and potential damage;
v) a contextual analysis engine within the AI-based analysis module that correlates detected anomalies with contextual data, including user roles, device types, network topology, and historical behavior, to prioritize threats based on severity and provide detailed insights for more accurate threat assessment; and
vi) an encrypted data management unit that ensures secure collection, transmission, and storage of data from the data collection unit to the AI-based analysis module, employing end-to-end encryption and compliance with data privacy standards to protect sensitive information across diverse devices and networks.
2) The system as claimed in claim 1, wherein the AI-based analysis module uses machine learning to learn normal behavior patterns for each device and user, improving its ability to spot new kinds of threats over time so that it catches attacks without needing manual updates.
3) The system as claimed in claim 1, wherein a recovery control unit works with the threat alert unit to start recovery only after a threat is fully isolated, preventing further damage during the restoration process.
4) The system as claimed in claim 1, wherein the AI-based analysis module blocks suspicious users in real time, using threat detection data to tighten access controls during an attack.
| # | Name | Date |
|---|---|---|
| 1 | 202541077312-STATEMENT OF UNDERTAKING (FORM 3) [13-08-2025(online)].pdf | 2025-08-13 |
| 2 | 202541077312-REQUEST FOR EARLY PUBLICATION(FORM-9) [13-08-2025(online)].pdf | 2025-08-13 |
| 3 | 202541077312-PROOF OF RIGHT [13-08-2025(online)].pdf | 2025-08-13 |
| 4 | 202541077312-POWER OF AUTHORITY [13-08-2025(online)].pdf | 2025-08-13 |
| 5 | 202541077312-FORM-9 [13-08-2025(online)].pdf | 2025-08-13 |
| 6 | 202541077312-FORM FOR SMALL ENTITY(FORM-28) [13-08-2025(online)].pdf | 2025-08-13 |
| 7 | 202541077312-FORM 1 [13-08-2025(online)].pdf | 2025-08-13 |
| 8 | 202541077312-FIGURE OF ABSTRACT [13-08-2025(online)].pdf | 2025-08-13 |
| 9 | 202541077312-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [13-08-2025(online)].pdf | 2025-08-13 |
| 10 | 202541077312-EVIDENCE FOR REGISTRATION UNDER SSI [13-08-2025(online)].pdf | 2025-08-13 |
| 11 | 202541077312-EDUCATIONAL INSTITUTION(S) [13-08-2025(online)].pdf | 2025-08-13 |
| 12 | 202541077312-DRAWINGS [13-08-2025(online)].pdf | 2025-08-13 |
| 13 | 202541077312-DECLARATION OF INVENTORSHIP (FORM 5) [13-08-2025(online)].pdf | 2025-08-13 |
| 14 | 202541077312-COMPLETE SPECIFICATION [13-08-2025(online)].pdf | 2025-08-13 |