Patent attributes
Computer-implemented method of detecting potential cybersecurity threats from collected data pertaining to a monitored network, the collected data comprising network data and/or endpoint data. The method comprises structuring the collected data as at least one data matrix, each row of the data matrix being a datapoint and each column corresponding to a feature. The method also comprises identifying one or more datapoints as anomalous, thereby detecting a potential cybersecurity threat. The method also comprises extracting causal information about the anomalous datapoint based on an angular relationship between a second-pass coordinate vector of the anomalous datapoint and a second-pass coordinate vector of one or more features. The second-pass coordinate vectors are determined by applying a second-pass singular value decomposition (SVD) to a residuals matrix. The residuals matrix is computed between the data matrix and an approximation of the data matrix by applying a first-pass truncated SVD to the data matrix.
