Context-based identification of anomalous log data

    Publication (Announcement) No.: US11853415B1

    Publication (Announcement) Date: 2023-12-26

    Application No.: US17116419

    Filing Date: 2020-12-09

    Applicant: Rapid7, Inc.

    Abstract: Disclosed herein are methods, systems, and processes for context-based identification of anomalous log data. Log data with multiple original logs is received at an anomalous log data identification system. A context associated training dataset is generated by splitting a string in a log into multiple split strings, generating a context association between each split string and a unique key that corresponds to the log, and generating an input/output (I/O) string data batch that includes I/O string data for each split string in the log by training each split string against every other split string in the log. A context-based anomalous log data identification model is then trained according to a machine learning technique using the I/O string data batch that includes a list of unique strings in the context associated training dataset. The training tunes the context-based anomalous log data identification model to classify or cluster a vector associated with a new string in a new log that is not part of the multiple original logs as anomalous.

    Vector-based anomaly detection
    Granted invention patent

    Publication (Announcement) No.: US11848951B2

    Publication (Announcement) Date: 2023-12-19

    Application No.: US17643952

    Filing Date: 2021-12-13

    CPC classification number: H04L63/1425 G06F21/552 H04L63/18 H04L63/1408

    Abstract: A hybrid-fabric apparatus comprises a black box memory configured to store a plurality of behavior metrics and an anomaly agent coupled to the black box. The anomaly agent determines a baseline vector corresponding to nominal behavior of the fabric, wherein the baseline vector comprises at least two different behavior metrics that are correlated with each other. The anomaly agent disaggregates anomaly detection criteria into a plurality of anomaly criterion to be distributed among network nodes in the fabric, the anomaly detection criteria characterizing a variation from the baseline vector, and each of the plurality of anomaly criterion comprising a function of a measured vector of behavior metrics. The variation can be calculated based on a variation function applied to a vector of measured behavior metrics having elements corresponding to member elements of the baseline vector. Anomaly criterion statuses calculated by at least some of the network nodes are aggregated.

    Analysis device, analysis method, and analysis program

    Publication (Announcement) No.: US11843633B2

    Publication (Announcement) Date: 2023-12-12

    Application No.: US17261173

    Filing Date: 2019-04-26

    CPC classification number: H04L63/1483 G06F18/22 G06F21/552 G06F2221/2119

    Abstract: An analysis device includes an input unit that receives input of communication destination information to be analyzed, a conversion unit that converts a partial character string included in the communication destination information into an image, a search unit that obtains a character string that is visually similar to an image converted by the conversion unit and searches for known communication destination information that is visually similar to the communication destination information based on the character string obtained, and an output unit that outputs a combination of the communication destination information and the known communication destination information that is visually similar to the communication destination information.

    CLASSIFYING USER BEHAVIOR AS ANOMALOUS
    Published invention application

    Publication (Announcement) No.: US20230394367A1

    Publication (Announcement) Date: 2023-12-07

    Application No.: US18450263

    Filing Date: 2023-08-15

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for classifying user behavior as anomalous. One of the methods includes obtaining user behavior data representing behavior of a user in a subject system. An initial model is generated from training data, the initial model having first characteristic features of the training data. A resampling model is generated from the training data and from multiple instances of the first representation for a test time period. A difference between the initial model and the resampling model is computed. The user behavior in the test time period is classified as anomalous based on the difference between the initial model and the resampling model.

    SYSTEM, METHOD, AND PROGRAM FOR ANALYZING VEHICLE SYSTEM LOGS

    Publication (Announcement) No.: US20230385405A1

    Publication (Announcement) Date: 2023-11-30

    Application No.: US17826285

    Filing Date: 2022-05-27

    CPC classification number: G06F21/552 G06F16/285 G06F2221/034

    Abstract: A system includes a processor and a storage device containing instructions. Execution of the instructions causes the processor to: (1) connect with an onboard system of a vehicle, wherein the onboard system is connectable to a network; (2) collect an activity log generated by the onboard system, wherein the activity log includes log messages indicative of an activity of the onboard system; (3) extract a feature list from the activity log, wherein the feature list includes features and each one of the features includes select information from a corresponding one of the log messages; (4) extract an episode from the feature list, wherein the episode is indicative of the activity of the onboard system; and (5) classify the episode with an episode classification, wherein the episode classification is indicative of an event that occurred during the activity.

    Anomalous vehicle detection server and anomalous vehicle detection method

    Publication (Announcement) No.: US11829472B2

    Publication (Announcement) Date: 2023-11-28

    Application No.: US17380228

    Filing Date: 2021-07-20

    CPC classification number: G06F21/56 G06F21/552

    Abstract: An anomalous vehicle detection server includes an anomaly score calculator that detects a suspicious behavior different from a predetermined driving behavior based on pieces of vehicle information that are received from a plurality of vehicles, respectively, and are each based on a vehicle log including the content of an event that has occurred in a vehicle system provided in the vehicle, and acquires an anomaly score of each of the plurality of vehicles that indicates a likelihood that reverse engineering is performed on the vehicle; and an anomalous vehicle determiner that determines whether one vehicle of the plurality of vehicles is an anomalous vehicle based on the anomaly score of the one vehicle and a statistical value of the anomaly scores of two or more vehicles of the plurality of vehicles.

    SYSTEMS AND METHODS FOR IDENTIFYING RANSOMWARE ACTORS IN DIGITAL CURRENCY NETWORKS

    Publication (Announcement) No.: US20230376594A1

    Publication (Announcement) Date: 2023-11-23

    Application No.: US18197134

    Filing Date: 2023-05-15

    CPC classification number: G06F21/565 G06F21/552 G06Q20/02

    Abstract: Disclosed are methods, systems, and other implementations, including a method for identifying and predicting illegal digital currency transactions that includes obtaining one or more blockchains of transaction blocks for transactions involving digital currency, deriving from the one or more blockchains of transaction blocks a transaction graph of sequential transactions, and applying clustering processing to the transaction graph to generate resultant one or more entity graphs representative of likely chains of digital currency transfers by respective one or more entities. The method further includes extracting graph feature data from the resultant one or more entity graphs, and applying classification processing (e.g., supervised learning classification processing) to the extracted graph feature data to identify a suspected malicious entity from the one or more entities associated with the one or more entity graphs.
