公开(公告)号：US20190065738A1

公开(公告)日：2019-02-28

申请号：US15692655

申请日：2017-08-31

Applicant: EntIT Software LLC

Inventor： Mijung Kim ,  Pratyusa K. Manadhata ,  Manish Marwah ,  Alexander Ulanov ,  Jun Li

IPC: G06F21/55 ,  G06F21/57 ,  G06N3/08

Abstract: In some examples, a system extracts features from event data representing events in a computing environment, trains ensembles of machine-learning models for respective analytics modules of a plurality of different types of analytics modules, and detects, by the different types of analytics modules using the respective trained ensembles of machine-learning models, an anomalous entity in response to further event data.

公开(公告)号：US11244043B2

公开(公告)日：2022-02-08

申请号：US16426862

申请日：2019-05-30

Applicant: ENTIT SOFTWARE LLC

Inventor： Manish Marwah ,  Andrey Simanovsky

IPC: G06F21/55 ,  H04L29/06 ,  G06N5/04 ,  G06N20/00

Abstract: In some examples, a system determines a dependency among a plurality of anomaly detectors, the determining comprising clustering anomaly detectors of the plurality of anomaly detectors into clusters of anomaly detectors. The system aggregates anomaly scores produced by anomaly detectors in a first cluster of anomaly detectors, to generate a first aggregate anomaly score, and detects an anomaly using the first aggregate anomaly score.

公开(公告)号：US20200382534A1

公开(公告)日：2020-12-03

申请号：US16426856

申请日：2019-05-30

Applicant: ENTIT SOFTWARE LLC

Inventor： Andrey Simanovsky ,  Manish Marwah

IPC: H04L29/06

Abstract: In some examples, a system computes risk scores relating to points corresponding to events in a computing environment, using a plurality of different risk score computation techniques, and generates a plurality of visualizations representing the points. The plurality of visualizations include a first visualization representing the points and including the risk scores computed using a first risk score computation technique of the different risk score computation techniques, and a second visualization representing the points and including the risk scores computed using a second risk score computation technique of the different risk score computation techniques.

公开(公告)号：US20200380117A1

公开(公告)日：2020-12-03

申请号：US16426862

申请日：2019-05-30

Applicant: ENTIT SOFTWARE LLC

Inventor： Manish Marwah ,  Andrey Simanovsky

IPC: G06F21/55 ,  H04L29/06

Abstract: In some examples, a system determines a dependency among a plurality of anomaly detectors, the determining comprising clustering anomaly detectors of the plurality of anomaly detectors into clusters of anomaly detectors. The system aggregates anomaly scores produced by anomaly detectors in a first cluster of anomaly detectors, to generate a first aggregate anomaly score, and detects an anomaly using the first aggregate anomaly score.

公开(公告)号：US20190303716A1

公开(公告)日：2019-10-03

申请号：US15938624

申请日：2018-03-28

Applicant: ENTIT Software LLC

Inventor： Manish Marwah ,  Xiao Zhang ,  Martin Arlitt

IPC: G06K9/62 ,  G06F17/18 ,  G06F17/17 ,  G06F15/18

Abstract: Points around a point of interest are sampled. The points and the point of interest each have a value for each of a number of input features. The points and the point of interest each have a corresponding output score for a machine learning model. A feature contribution vector for the input features is determined by locally approximating the machine learning model at the points and the point of interest using a model, such as a ridge regression model. The ridge regression model can have a loss function, which can include a Kullback-Leibler (KL) divergence term. The feature contribution vector approximates for any point a contribution of each input feature to the output score of this point by the machine learning model. The input features most responsible for the machine learning model having provided the corresponding output score for the point of interest, based on the feature contribution vector, are provided.

公开(公告)号：US20190064752A1

公开(公告)日：2019-02-28

申请号：US15689047

申请日：2017-08-29

Applicant: EntIT Software LLC

Inventor： Manish Marwah ,  Mijung Kim ,  Pratyusa K. Manadhata

IPC: G05B13/02 ,  G06F15/18

Abstract: In some examples, a system balances a number of positive data points and a number of negative data points, to produce a balanced training data set, where the positive data points comprise features associated with authentication events that are positive with respect to an unauthorized classification, and the negative data points comprise features associated with authentication events that are negative with respect to the unauthorized classification. The system trains a plurality of models using the balanced training data set, wherein the plurality of models are trained according to respective different machine learning techniques. The system selects a model from the trained plurality of models based on relative performance of the plurality of models.

公开(公告)号：US20170372214A1

公开(公告)日：2017-12-28

申请号：US15545008

申请日：2015-01-30

Applicant: ENTIT SOFTWARE LLC

Inventor： Hao Peng ,  Manish Marwah ,  Krishnamurthy Viswanathan ,  Indrajit Roy

IPC: G06N7/00 ,  G06K9/62 ,  G06N99/00 ,  G06F17/18 ,  G06N5/04

CPC classification number: G06N7/005 ,  G06F17/18 ,  G06K9/6282 ,  G06N5/047 ,  G06N20/00

Abstract: Method, systems, and computer-readable storage devices for updating a prediction model are described. In one aspect, a statistical analysis group assignment may be received. The statistical analysis group assignment may group partition-level worker node and a first set of partition-level worker nodes as a statistical analysis group. A statistical analysis phase may then be executed where a group-level decision tree is generated from statistical data and other statistical data received from the first set of partition-level worker nodes. A decision tree analysis phase may then be executed, where a step decision tree may be generated based on a selection from the group-level tree and other group-level trees received from other statistical analysis groups. The prediction model may be caused to be updated using the step decision tree.