Research

DIGEST: Darktrace Incident Graph Evaluation for Security Threats

DIGEST is Darktrace’s latest machine learning model designed to assess the severity of cybersecurity incidents using graph and recurrent neural networks. Built on real-world incident data, DIGEST analyzes dynamic graphs formed by interactions between users, devices, and resources. By assigning severity scores, it enables security teams to prioritize investigations and respond faster to critical threats. This brief outlines the model’s development—from dataset creation and training to deployment—highlighting how DIGEST enhances Darktrace’s Cyber AI Analyst capabilities and improves incident triage through advanced, automated threat evaluation.

Download this research paper

We present our latest research on dynamic graph analysis using graph neural networks and recurrent neural networks. Our new graph analysis model, DIGEST, proactively examines and evaluates cyber security incidents, returning a score measuring their inherent severity. In this brief, we detail the creation process behind DIGEST including model architecture, training, optimization and deployment. We show real life examples of how DIGEST is used to aide customers in responding to critical threats.

Researcher
Philip Sellars
Machine Learning Research Lead
Tim Bazalgette
Chief AI Officer
Research Abstracts
Rapid Process-Chain Anomaly Detection Using a Multistage Classifier
Sorting long lists of file names by relevance and sensitive content
A system for analyzing network activity to detect stealthy cryptocurrency mining
Autonomous detection of the intended function of a corporate inbox through meta-scoring
Using epidemiology theory to identify the most damaging network devices
Automatic Identification of Scanned IP Ranges
A real-time, self-correcting similarity classifier for emails
Using graph theory to identify critical nodes within computer networks
Analyzing network activity to detect compromised devices sending spam emails
Detecting and preventing misdirected emails with correspondence semantics
AI Research Centre

Backed in Research.

In existence since Darktrace’s inception in 2013, the Darktrace AI Research Centre is foundational to our continued innovation. Rather than a defined product roadmap, the Centre looks at how AI can be applied to real-world challenges, to find solutions that cannot be achieved by humans alone.

Visit our AI Research Centre