公开(公告)号：US10212223B2

公开(公告)日：2019-02-19

申请号：US15282761

申请日：2016-09-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Jerome Rolia ,  Martin Arlitt ,  Gowtham Bellala ,  Wei-Nchih Lee ,  Jose Alberto Cueto Barcenas ,  Sherif Abdelwahab

IPC: G06F15/173 ,  H04L29/08 ,  H04L12/24

Abstract: Overlay networks of application components are managed. Applicant components may create overlay networks based on policies of the application components and an environment of the overlay network. The overlay network may be adjusted based on changes to the policies or the environment.

公开(公告)号：US20180268264A1

公开(公告)日：2018-09-20

申请号：US15543745

申请日：2015-01-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Manish Marwah ,  Aniket Chakrabarti ,  Martin Arlitt

IPC: G06K9/62 ,  H04L29/06

CPC classification number: G06K9/6297 ,  G01D21/00 ,  G06K9/623 ,  H04L63/1425

Abstract: A technique that includes predicting data acquired by a network of sensors based at least in part on a graphical model of the network, where the graphical model includes true value nodes, observed value nodes and edge factors based at least in part on historical pairwise dependencies for the observed value nodes. The technique includes detecting anomalous sensor data based at least in part on the predicted data.

公开(公告)号：US20170318037A1

公开(公告)日：2017-11-02

申请号：US15142687

申请日：2016-04-29

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Jerome Rolia ,  Martin Arlitt ,  Alberto Cueto ,  Rodrigo Novelo ,  Wei-Nchih Lee ,  Gowtham Bellala

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/55 ,  G06F21/554 ,  H04L63/1425

Abstract: Examples relate to distributed anomaly management. In one example, a computing device may: receive real-time anomaly data for a first set of client devices, wherein the received anomaly data includes: anomalous network behavior data received from a network intrusion detection system (NICKS) monitoring network traffic behavior, anomalous host event data received from a host intrusion detection system (HIDS) monitoring host events originating from client devices in the first set, and anomalous process activity data received from a trace intrusion detection system (TIDS) monitoring process activity performed by client devices in the first set; for each client device in the first set of client devices for which anomaly data is received, associate the received anomaly data with the client device; and determine, for a particular client device, a measure of risk, wherein the measure of risk is dynamically adjusted based on the received real-time anomaly data.

公开(公告)号：US20180097876A1

公开(公告)日：2018-04-05

申请号：US15282761

申请日：2016-09-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Jerome Rolia ,  Martin Arlitt ,  Gowtham Bellala ,  Wei-Nchih Lee ,  Jose Alberto Cueto Barcenas ,  Sherif Abdelwahab

IPC: H04L29/08 ,  H04L12/24

CPC classification number: H04L67/1076 ,  H04L41/0816 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/5025 ,  H04L41/5051 ,  H04L41/5096 ,  H04L67/1046

Abstract: Examples herein involve managing overlay networks of application components. In examples herein, application components may create overlay networks based on policies of the application components and an environment of the overlay network. The overlay network may be adjusted based on changes to the policies or the environment.

公开(公告)号：US20160217378A1

公开(公告)日：2016-07-28

申请号：US14914141

申请日：2013-08-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Gowtham Bellala ,  Manish Marwah ,  Martin Arlitt ,  Amip J. Shah

IPC: G06N5/04 ,  G06N99/00

CPC classification number: G06N5/04 ,  G05B15/02 ,  G05B23/024 ,  G06N20/00

Abstract: Described herein are techniques for identifying anomalous behavior of a monitored entity. Features can be extracted from data related to operation of an entity. The features can be mapped to a plurality of states to generate a state sequence. An observed value of a metric can be compared to an expected value of the metric based on the state sequence.

Abstract translation: 这里描述的是用于识别受监视实体的异常行为的技术。 可以从与实体的操作相关的数据中提取特征。 可以将特征映射到多个状态以生成状态序列。 可以将度量的观察值与基于状态序列的度量的期望值进行比较。