-
Publication No.: US11263104B2
Publication date: 2022-03-01
Application No.: US16426850
Filing date: 2019-05-30
Applicant: ENTIT SOFTWARE LLC
Inventors: Manish Marwah, Andrey Simanovsky
Abstract: In some examples, a system is to, given an anomaly score threshold over which at least one anomalous point is to be observed in a test set of points with a specified probability, determine, using raw anomaly scores for a training set of points, a first mapping between raw anomaly scores in a first range and first transformed anomaly scores using a first transformation technique. The system is to determine, using the raw anomaly scores for the training set of points, a second mapping between raw anomaly scores in a second range greater than the first range and second transformed anomaly scores using a second transformation technique different from the first transformation technique. The system is to use the first mapping and the second mapping to detect an anomaly in a computing environment based on the test set of points.
-
Publication No.: US10599857B2
Publication date: 2020-03-24
Application No.: US15689045
Filing date: 2017-08-29
Applicant: EntIT Software LLC
Inventors: Mijung Kim, Pratyusa K. Manadhata, Manish Marwah
IPC classification: G06F21/60, G06F21/31, G06F21/35, G06F16/00, G06F16/35, H04L29/06, G06F16/2458, G06F16/9535, G06F21/56, G06F21/55, G06Q10/10, G06F13/00
Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system extracts features from the set of events by aggregating event data of the set of events. The system provides the extracted features to a classifier that detects unauthorized authentication events.
-
Publication No.: US20180336353A1
Publication date: 2018-11-22
Application No.: US15596041
Filing date: 2017-05-16
Applicant: EntIT Software LLC
Abstract: In some examples, a system receives anomaly scores regarding an entity from a plurality of detectors, produces a weighted anomaly score for the entity based on the anomaly scores and respective weights assigned to the plurality of detectors, the weights based on historical performance of the plurality of detectors, determines an impact based on a context of the entity, wherein the impact is indicative of an effect that the entity would have on a computing environment if the entity were to exhibit anomalous behavior, and computes a risk score for the entity based on the weighted anomaly score and the determined impact.
-
Publication No.: US11269995B2
Publication date: 2022-03-08
Application No.: US16170105
Filing date: 2018-10-25
Applicant: ENTIT SOFTWARE LLC
Inventors: Manish Marwah, Mijung Kim, Martin Arlitt
IPC classification: G06F11/00, G06F12/14, G06F12/16, G08B23/00, G06F21/55, H04L29/06, H04L43/045, H04L41/0631, H04L41/0654, G06F9/54
Abstract: In some examples, a system constructs, based on event data representing a plurality of events in a system, a representation of the plurality of events, the representation including information relating the events, and computes issue indications corresponding to potential issues in the system. The system adds information based on the issue indications to the representation to form an enriched representation, and searches the enriched representation to find a chain of events representing an issue in the system.
-
Publication No.: US20200379863A1
Publication date: 2020-12-03
Application No.: US16426850
Filing date: 2019-05-30
Applicant: ENTIT SOFTWARE LLC
Inventors: Manish Marwah, Andrey Simanovsky
Abstract: In some examples, a system is to, given an anomaly score threshold over which at least one anomalous point is to be observed in a test set of points with a specified probability, determine, using raw anomaly scores for a training set of points, a first mapping between raw anomaly scores in a first range and first transformed anomaly scores using a first transformation technique. The system is to determine, using the raw anomaly scores for the training set of points, a second mapping between raw anomaly scores in a second range greater than the first range and second transformed anomaly scores using a second transformation technique different from the first transformation technique. The system is to use the first mapping and the second mapping to detect an anomaly in a computing environment based on the test set of points.
-
Publication No.: US20180337935A1
Publication date: 2018-11-22
Application No.: US15596042
Filing date: 2017-05-16
Applicant: EntIT Software LLC
IPC classification: H04L29/06
Abstract: In some examples, a system generates a graphical representation of entities associated with a computing environment, and derives features for the entities represented by the graphical representation, the features comprising neighborhood features and link-based features, a neighborhood feature for a first entity of the entities derived based on entities that are neighbors of the first entity in the graphical representation, and a link-based feature for the first entity derived based on relationships of other entities in the graphical representation with the first entity. The system determines, using a plurality of anomaly detectors based on respective features of the derived features, whether the first entity is exhibiting anomalous behavior.
-
Publication No.: US10984099B2
Publication date: 2021-04-20
Application No.: US15689043
Filing date: 2017-08-29
Applicant: EntIT Software LLC
Inventors: Pratyusa K. Manadhata, Mijung Kim, Manish Marwah
IPC classification: G06F21/55, G06F21/62, G06F21/45, H04L29/06, G06N20/20, G06F21/31, G06F16/00, G06K9/62
Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system applies a classifier on a collection of features associated with the set of events, and determines, based on an output of the classifier, whether the given authentication event is an unauthorized authentication event.
-
Publication No.: US10592666B2
Publication date: 2020-03-17
Application No.: US15692655
Filing date: 2017-08-31
Applicant: EntIT Software LLC
Inventors: Mijung Kim, Pratyusa K. Manadhata, Manish Marwah, Alexander Ulanov, Jun Li
Abstract: In some examples, a system extracts features from event data representing events in a computing environment, trains ensembles of machine-learning models for respective analytics modules of a plurality of different types of analytics modules, and detects, by the different types of analytics modules using the respective trained ensembles of machine-learning models, an anomalous entity in response to further event data.
-
Publication No.: US20190065762A1
Publication date: 2019-02-28
Application No.: US15689045
Filing date: 2017-08-29
Applicant: EntIT Software LLC
Inventors: Mijung Kim, Pratyusa K. Manadhata, Manish Marwah
Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system extracts features from the set of events by aggregating event data of the set of events. The system provides the extracted features to a classifier that detects unauthorized authentication events.
-
Publication No.: US20190065739A1
Publication date: 2019-02-28
Application No.: US15689043
Filing date: 2017-08-29
Applicant: EntIT Software LLC
Inventors: Pratyusa K. Manadhata, Mijung Kim, Manish Marwah
Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system applies a classifier on a collection of features associated with the set of events, and determines, based on an output of the classifier, whether the given authentication event is an unauthorized authentication event.