FINGERPRINT MERGING AND RISK LEVEL EVALUATION FOR NETWORK ANOMALY DETECTION
    Invention application
    FINGERPRINT MERGING AND RISK LEVEL EVALUATION FOR NETWORK ANOMALY DETECTION (under examination, published)

    Publication (announcement) number: US20160352765A1

    Publication (announcement) date: 2016-12-01

    Application number: US15072526

    Application date: 2016-03-17

    CPC classification number: H04L63/1425 H04L63/1416 H04L63/145 H04L63/1458

    Abstract: In one embodiment, a device in a network receives fingerprints of two or more network anomalies detected in the network by different anomaly detectors. Each fingerprint comprises a hash of tags that describe a detected anomaly. The device associates the fingerprints with network records captured within a timeframe in which the two or more network anomalies were detected. The device compares the fingerprints associated with the network records to determine that the two or more detected anomalies are part of a singular anomaly event. The device generates a notification regarding the singular anomaly event, wherein the notification includes those of the fingerprints that are associated with the singular anomaly event.

    Constraint-aware resource synchronization across hyper-distributed learning systems

    Publication (announcement) number: US10552763B2

    Publication (announcement) date: 2020-02-04

    Application number: US15210974

    Application date: 2016-07-15

    Abstract: In one embodiment, a device in a network receives data indicative of a target state for one or more distributed learning agents in the network. The device determines a difference between the target state and state information maintained by the device regarding the one or more distributed learning agents. The device calculates a synchronization penalty score for each of the one or more distributed learning agents. The device selects a particular one of the one or more distributed learning agents with which to synchronize, based on the synchronization penalty score for the selected distributed learning agent and on the determined difference between the target state and the state information regarding the selected distributed learning agent. The device initiates synchronization of the state information maintained by the device regarding the selected distributed learning agent with state information from the selected distributed learning agent.

    CONSTRAINT-AWARE RESOURCE SYNCHRONIZATION ACROSS HYPER-DISTRIBUTED LEARNING SYSTEMS

    Publication (announcement) number: US20170279849A1

    Publication (announcement) date: 2017-09-28

    Application number: US15210974

    Application date: 2016-07-15

    Abstract: In one embodiment, a device in a network receives data indicative of a target state for one or more distributed learning agents in the network. The device determines a difference between the target state and state information maintained by the device regarding the one or more distributed learning agents. The device calculates a synchronization penalty score for each of the one or more distributed learning agents. The device selects a particular one of the one or more distributed learning agents with which to synchronize, based on the synchronization penalty score for the selected distributed learning agent and on the determined difference between the target state and the state information regarding the selected distributed learning agent. The device initiates synchronization of the state information maintained by the device regarding the selected distributed learning agent with state information from the selected distributed learning agent.

    Fingerprint merging and risk level evaluation for network anomaly detection

    Publication (announcement) number: US10320825B2

    Publication (announcement) date: 2019-06-11

    Application number: US15072526

    Application date: 2016-03-17

    Abstract: A device in a network receives fingerprints of two or more network anomalies detected in the network by different anomaly detectors. Each fingerprint comprises a hash of tags that describe a detected anomaly. The device associates the fingerprints with network records captured within a timeframe in which the two or more network anomalies were detected. The device compares the fingerprints associated with the network records to determine that the two or more detected anomalies are part of a singular anomaly event. The device generates a notification regarding the singular anomaly event. The notification includes those of the fingerprints that are associated with the singular anomaly event.

    ACTIONABLE AND INTERACTIVE LOG VISUALIZATIONS

    Publication (announcement) number: US20250132996A1

    Publication (announcement) date: 2025-04-24

    Application number: US18381842

    Application date: 2023-10-19

    Abstract: In one implementation, a method is disclosed comprising: determining, by a process, a log template mapped from network monitoring log messages; generating, by the process, a visualization of the log template including interactive graphical representations of a detection frequency for the log template, a frequency distribution of parameter values per parameter for the log template, and relationships between parameter values across different parameters for the log template; filtering, by the process, data included in the visualization based on a user selection of a portion of a particular graphical representation; and modifying, by the process and based on user feedback on the visualization, generation of subsequent visualizations of log templates.
