Patent attributes
Identifying and protecting against evolving cyberattacks using temporal word embeddings. In some embodiments, a method may include identifying sequences of security events that occurred over time on endpoint devices. The method may also include embedding each of the sequences of security events into low dimensional vectors, such that each of the sequences of security events is treated as a sentence, and such that each of the security events is treated as a word in the corresponding sentence. The method may further include analyzing the low dimensional vectors to identify a first cyberattack represented by a first sequence of security events and a second cyberattack represented by a second sequence of security events that is different from the first sequence of security events, the second cyberattack being an evolved version of the first cyberattack. The method may also include, in response to identifying the second cyberattack, protecting against the second cyberattack.