公开(公告)号：US09727441B2

公开(公告)日：2017-08-08

申请号：US13208370

申请日：2011-08-12

申请人： Sharad Agarwal ,  Ratul Mahajan ,  Alice X. Zheng ,  Paramvir Bahl

发明人： Sharad Agarwal ,  Ratul Mahajan ,  Alice X. Zheng ,  Paramvir Bahl

IPC分类号： G06F11/07 ,  G06F11/36 ,  G06F11/22

CPC分类号： G06F11/3612 ,  G06F11/0709 ,  G06F11/079 ,  G06F11/2257 ,  G06F11/3604

摘要： An analysis management system (AMS) is described that analyzes the in-field behavior of a program resource installed on a collection of computing devices, such as mobile telephone devices or the like. In operation, the AMS can instruct different devices to collect data regarding different observation points associated with the program resource, thus spreading the reporting load among the devices. Based on the data that is collected, the AMS can update a dependency graph that describes dependencies among the observation points associated with the program resource. The AMS can then generate new directives based on the updated dependency graph. The AMS can also use the dependency graph and the collected data to infer information regarding observation points that is not directly supplied by the collected data.

公开(公告)号：US08464221B2

公开(公告)日：2013-06-11

申请号：US12485726

申请日：2009-06-16

申请人： Alice X. Zheng ,  Trishul A Chilimbi ,  Shuo-Hsien Hsiao ,  Danyel A. Fisher ,  David M. Andrzejewski

发明人： Alice X. Zheng ,  Trishul A Chilimbi ,  Shuo-Hsien Hsiao ,  Danyel A. Fisher ,  David M. Andrzejewski

IPC分类号： G06F9/44

CPC分类号： G06F11/3664

摘要： A system and method for identifying a root cause of a wait in a computer system are provided. Given the identity of a thread of interest and time window, a longest wait period for the thread of interest within the time window is identified. The longest wait period is used as a starting node to generate a ready tree by walking backwards through the data in a system trace to construct a tree of readying events that ready threads for running on a processor. A potentially anomalous chain of events is automatically identified and highlighted in the ready tree. A visualization of the ready tree is presented to a user so that the user can explore the events in the tree and annotate the automatically generated tree to aid in problem diagnosis.

摘要翻译： 提供了一种用于在计算机系统中识别等待的根本原因的系统和方法。 给定兴趣线程和时间窗口的身份，识别在时间窗口内的兴趣线程的最长等待时间段。 最长的等待周期用作起始节点，以便通过向后走向系统跟踪中的数据来生成就绪树，以构建准备好的事件树，以准备在处理器上运行的线程。 在可用树中自动识别并突出显示一个潜在的异常链接事件。 将可用树的可视化呈现给用户，以便用户可以浏览树中的事件并注释自动生成的树以帮助进行问题诊断。

公开(公告)号：US20130042154A1

公开(公告)日：2013-02-14

申请号：US13208370

申请日：2011-08-12

申请人： Sharad Agarwal ,  Ratul Mahajan ,  Alice X. Zheng ,  Paramvir Bahl

发明人： Sharad Agarwal ,  Ratul Mahajan ,  Alice X. Zheng ,  Paramvir Bahl

IPC分类号： G06F11/36

CPC分类号： G06F11/3612 ,  G06F11/0709 ,  G06F11/079 ,  G06F11/2257 ,  G06F11/3604

摘要： An analysis management system (AMS) is described that analyzes the in-field behavior of a program resource installed on a collection of computing devices, such as mobile telephone devices or the like. In operation, the AMS can instruct different devices to collect data regarding different observation points associated with the program resource, thus spreading the reporting load among the devices. Based on the data that is collected, the AMS can update a dependency graph that describes dependencies among the observation points associated with the program resource. The AMS can then generate new directives based on the updated dependency graph. The AMS can also use the dependency graph and the collected data to infer information regarding observation points that is not directly supplied by the collected data.

摘要翻译： 描述了分析管理系统（AMS），其分析安装在诸如移动电话设备等的计算设备的集合上的程序资源的现场行为。 在操作中，AMS可以指示不同的设备收集与节目资源相关的不同观测点的数据，从而在设备之间传播报告负载。 基于收集的数据，AMS可以更新描述与程序资源相关的观测点之间的依赖关系的依赖关系图。 然后，AMS可以基于更新的依赖关系图生成新的指令。 AMS还可以使用依赖图和收集的数据来推断关于由收集的数据不直接提供的观测点的信息。

公开(公告)号：US09098621B2

公开(公告)日：2015-08-04

申请号：US13037325

申请日：2011-02-28

申请人： Alice X. Zheng ,  Madanlal S. Musuvathi ,  Nishant A. Mehta

发明人： Alice X. Zheng ,  Madanlal S. Musuvathi ,  Nishant A. Mehta

IPC分类号： G06F9/44 ,  G06F11/36 ,  G06F15/18

CPC分类号： G06F11/3612 ,  G06F11/3672 ,  G06F15/18

摘要： The described implementations relate to analysis of computing programs. One implementation provides a technique that can include accessing values of input variables that are processed by test code and runtime values that are produced by the test code while processing the input variables. The technique can also include modeling relationships between the runtime values and the values of the input variables. The relationships can reflect discontinuous functions of the input variables.

摘要翻译： 所描述的实现涉及计算程序的分析。 一种实现提供了一种技术，其可以包括访问由测试代码处理的输入变量的值和由测试代码在处理输入变量时产生的运行时值。 该技术还可以包括运行时值与输入变量的值之间的建模关系。 这些关系可以反映输入变量的不连续函数。

公开(公告)号：US20120222013A1

公开(公告)日：2012-08-30

申请号：US13037325

申请日：2011-02-28

申请人： Alice X. Zheng ,  Madanlal S. Musuvathi ,  Nishant A. Mehta

发明人： Alice X. Zheng ,  Madanlal S. Musuvathi ,  Nishant A. Mehta

IPC分类号： G06F9/44

CPC分类号： G06F11/3612 ,  G06F11/3672 ,  G06F15/18

摘要： The described implementations relate to analysis of computing programs. One implementation provides a technique that can include accessing values of input variables that are processed by test code and runtime values that are produced by the test code while processing the input variables. The technique can also include modeling relationships between the runtime values and the values of the input variables. The relationships can reflect discontinuous functions of the input variables.

摘要翻译： 所描述的实现涉及计算程序的分析。 一种实现提供了一种技术，其可以包括访问由测试代码处理的输入变量的值和由测试代码在处理输入变量时产生的运行时值。 该技术还可以包括运行时值与输入变量的值之间的建模关系。 这些关系可以反映输入变量的不连续函数。

公开(公告)号：US20110252032A1

公开(公告)日：2011-10-13

申请号：US12755438

申请日：2010-04-07

申请人： Robert E. Fitzgerald ,  Jack W. Stokes ,  Alice X. Zheng ,  Edward W. Hardy ,  Bodicherla Aditya Prakash

发明人： Robert E. Fitzgerald ,  Jack W. Stokes ,  Alice X. Zheng ,  Edward W. Hardy ,  Bodicherla Aditya Prakash

IPC分类号： G06F17/30 ,  G06F15/16

CPC分类号： H04L63/20 ,  H04L63/1425

摘要： An analysis system is described for identifying potentially malicious activity within a computer network. It performs this task by interacting with a user to successively remove known instances of non-malicious activity, to eventually reveal potentially malicious activity. The analysis system interacts with the user by inviting the user to apply labels to identified examples of network behavior; upon response by the user, the analysis system supplies new examples of network behavior to the user. In one implementation, the analysis system generates such examples using a combination of feature-based analysis and graph-based analysis. The graph-based analysis relies on analysis of graph structure associated with access events, such as by identifying entropy scores for respective portions of the graph structure.

摘要翻译： 描述了用于识别计算机网络内的潜在恶意活动的分析系统。 它通过与用户交互来执行此任务，以连续删除已知的非恶意活动实例，最终显示潜在的恶意活动。 分析系统通过邀请用户将标签应用于网络行为的识别示例与用户进行交互; 在用户响应的情况下，分析系统向用户提供网络行为的新例子。 在一个实现中，分析系统使用基于特征的分析和基于图的分析的组合来生成这样的示例。 基于图的分析依赖于与访问事件相关联的图形结构的分析，例如通过识别图形结构的各个部分的熵分数。

公开(公告)号：US08805839B2

公开(公告)日：2014-08-12

申请号：US12755438

申请日：2010-04-07

申请人： Robert E. Fitzgerald ,  Jack W. Stokes ,  Alice X. Zheng ,  Edward W. Hardy ,  Bodicherla Aditya Prakash

发明人： Robert E. Fitzgerald ,  Jack W. Stokes ,  Alice X. Zheng ,  Edward W. Hardy ,  Bodicherla Aditya Prakash

IPC分类号： G06F7/00 ,  G06F17/30

CPC分类号： H04L63/20 ,  H04L63/1425

摘要： An analysis system is described for identifying potentially malicious activity within a computer network. It performs this task by interacting with a user to successively remove known instances of non-malicious activity, to eventually reveal potentially malicious activity. The analysis system interacts with the user by inviting the user to apply labels to identified examples of network behavior; upon response by the user, the analysis system supplies new examples of network behavior to the user. In one implementation, the analysis system generates such examples using a combination of feature-based analysis and graph-based analysis. The graph-based analysis relies on analysis of graph structure associated with access events, such as by identifying entropy scores for respective portions of the graph structure.

摘要翻译： 描述了用于识别计算机网络内的潜在恶意活动的分析系统。 它通过与用户交互来执行此任务，以连续删除已知的非恶意活动实例，最终显示潜在的恶意活动。 分析系统通过邀请用户将标签应用于网络行为的识别示例与用户进行交互; 在用户响应的情况下，分析系统向用户提供网络行为的新例子。 在一个实现中，分析系统使用基于特征的分析和基于图的分析的组合来生成这样的示例。 基于图的分析依赖于与访问事件相关联的图形结构的分析，例如通过识别图形结构的各个部分的熵分数。

公开(公告)号：US20100318852A1

公开(公告)日：2010-12-16

申请号：US12485726

申请日：2009-06-16

申请人： Alice X. Zheng ,  Trishul A. Chilimbi ,  Shuo-Hsien Hsiao ,  Danyel A. Fisher ,  David M. Andrzejewski

发明人： Alice X. Zheng ,  Trishul A. Chilimbi ,  Shuo-Hsien Hsiao ,  Danyel A. Fisher ,  David M. Andrzejewski

IPC分类号： G06F11/32

CPC分类号： G06F11/3664

摘要： A system and method for identifying a root cause of a wait in a computer system are provided. Given the identity of a thread of interest and time window, a longest wait period for the thread of interest within the time window is identified. The longest wait period is used as a starting node to generate a ready tree by walking backwards through the data in a system trace to construct a tree of readying events that ready threads for running on a processor. A potentially anomalous chain of events is automatically identified and highlighted in the ready tree. A visualization of the ready tree is presented to a user so that the user can explore the events in the tree and annotate the automatically generated tree to aid in problem diagnosis.

摘要翻译： 提供了一种用于在计算机系统中识别等待的根本原因的系统和方法。 给定兴趣线程和时间窗口的身份，识别在时间窗口内的兴趣线程的最长等待时间段。 最长的等待周期用作起始节点，以便通过向后走向系统跟踪中的数据来生成就绪树，以构建准备好的事件树，以准备在处理器上运行的线程。 在可用树中自动识别并突出显示一个潜在的异常链接事件。 将可用树的可视化呈现给用户，以便用户可以浏览树中的事件并注释自动生成的树以帮助进行问题诊断。