公开(公告)号：US12111718B2

公开(公告)日：2024-10-08

申请号：US17373107

申请日：2021-07-12

Applicant: Citrix Systems, Inc.

Inventor： Satyendra Tiwari ,  Nikolaos Georgakopoulos ,  Utkarsh Agarwal ,  Pavan Belani ,  Srinivas Reddy Kasu ,  Rahul Kumar

IPC: G06F11/00 ,  G06F11/07 ,  G06F16/28

CPC classification number: G06F11/0751 ,  G06F11/0721 ,  G06F16/285

Abstract: Systems and methods of reconstructing execution call flows to detect anomalies are provided. A device can establish call flows using information extracted from a log file. Each of the call flows can identify information from the log file of a call flowing through a plurality of modules. The device can identify a count of a number of occurrences of one or more keywords in information of each call flow. The device can generate a vector of numbers for each call flow based at least on the count for the one or more keywords for that call flow. The device can classify each call flow into one or more clusters that indicate whether an operation of the call flow is anomalous. The device can classify each call flow using the vector of numbers for each call flow.

公开(公告)号：US20220382617A1

公开(公告)日：2022-12-01

申请号：US17373107

申请日：2021-07-12

Applicant: Citrix Systems, Inc.

Inventor： Satyendra Tiwari ,  Nikolaos Georgakopoulos ,  Utkarsh Agarwal ,  Pavan Belani ,  Srinivas Reddy Kasu ,  Rahul Kumar

IPC: G06F11/07 ,  G06F16/28

Abstract: Systems and methods of reconstructing execution call flows to detect anomalies is provided. A device can establish call flows using information extracted from a log file to. Each of the call flows can identify information from the log file of a call flowing through a plurality of modules. The device can identify a count of a number of occurrences of one or more keywords in information of each call flow. The device can generate a vector of numbers for each call flow based at least on the count for the one or more keywords for that call flow. The device can classify each call flow into one or more clusters that indicate whether an operation of the call flow is anomalous. The device can classify each call flow using the vector of numbers for each call flow.