-
Publication number: US11269995B2
Publication date: 2022-03-08
Application number: US16170105
Application date: 2018-10-25
Applicant: ENTIT SOFTWARE LLC
Inventor: Manish Marwah, Mijung Kim, Martin Arlitt
IPC: G06F11/00, G06F12/14, G06F12/16, G08B23/00, G06F21/55, H04L29/06, H04L43/045, H04L41/0631, H04L41/0654, G06F9/54
Abstract: In some examples, a system constructs, based on event data representing a plurality of events in a system, a representation of the plurality of events, the representation including information relating the events, and computes issue indications corresponding to potential issues in the system. The system adds information based on the issue indications to the representation to form an enriched representation, and searches the enriched representation to find a chain of events representing an issue in the system.
-
Publication number: US10599857B2
Publication date: 2020-03-24
Application number: US15689045
Application date: 2017-08-29
Applicant: EntIT Software LLC
Inventor: Mijung Kim, Pratyusa K. Manadhata, Manish Marwah
IPC: G06F21/60, G06F21/31, G06F21/35, G06F16/00, G06F16/35, H04L29/06, G06F16/2458, G06F16/9535, G06F21/56, G06F21/55, G06Q10/10, G06F13/00
Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system extracts features from the set of events by aggregating event data of the set of events. The system provides the extracted features to a classifier that detects unauthorized authentication events.
-
Publication number: US11122064B2
Publication date: 2021-09-14
Application number: US15959461
Application date: 2018-04-23
Applicant: ENTIT SOFTWARE LLC
Inventor: Pratyusa K. Manadhata, Mijung Kim
Abstract: In some examples, a system identifies, for a given authentication event between a plurality of devices in a network, a context comprising a set of authentication events that are temporally related to the given authentication event. The set of authentication events occur at the devices. A classifier is applied on a collection of features associated with the set of authentication events, the collection of features comprising a number of machines or a number of users associated with the set of authentication events. The system determines, based on an output of the classifier, whether the given authentication event is an unauthorized authentication event.
-
Publication number: US20190327253A1
Publication date: 2019-10-24
Application number: US15959461
Application date: 2018-04-23
Applicant: ENTIT SOFTWARE LLC
Inventor: Pratyusa K. Manadhata, Mijung Kim
Abstract: In some examples, a system identifies, for a given authentication event between a plurality of devices in a network, a context comprising a set of authentication events that are temporally related to the given authentication event. The set of authentication events occur at the devices. A classifier is applied on a collection of features associated with the set of authentication events, the collection of features comprising a number of machines or a number of users associated with the set of authentication events. The system determines, based on an output of the classifier, whether the given authentication event is an unauthorized authentication event.
-
Publication number: US20190064752A1
Publication date: 2019-02-28
Application number: US15689047
Application date: 2017-08-29
Applicant: EntIT Software LLC
Inventor: Manish Marwah, Mijung Kim, Pratyusa K. Manadhata
Abstract: In some examples, a system balances a number of positive data points and a number of negative data points, to produce a balanced training data set, where the positive data points comprise features associated with authentication events that are positive with respect to an unauthorized classification, and the negative data points comprise features associated with authentication events that are negative with respect to the unauthorized classification. The system trains a plurality of models using the balanced training data set, wherein the plurality of models are trained according to respective different machine learning techniques. The system selects a model from the trained plurality of models based on relative performance of the plurality of models.
-
Publication number: US10984099B2
Publication date: 2021-04-20
Application number: US15689043
Application date: 2017-08-29
Applicant: EntIT Software LLC
Inventor: Pratyusa K. Manadhata, Mijung Kim, Manish Marwah
Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system applies a classifier on a collection of features associated with the set of events, and determines, based on an output of the classifier, whether the given authentication event is an unauthorized authentication event.
-
Publication number: US10592666B2
Publication date: 2020-03-17
Application number: US15692655
Application date: 2017-08-31
Applicant: EntIT Software LLC
Inventor: Mijung Kim, Pratyusa K. Manadhata, Manish Marwah, Alexander Ulanov, Jun Li
Abstract: In some examples, a system extracts features from event data representing events in a computing environment, trains ensembles of machine-learning models for respective analytics modules of a plurality of different types of analytics modules, and detects, by the different types of analytics modules using the respective trained ensembles of machine-learning models, an anomalous entity in response to further event data.
-
Publication number: US20190065762A1
Publication date: 2019-02-28
Application number: US15689045
Application date: 2017-08-29
Applicant: EntIT Software LLC
Inventor: Mijung Kim, Pratyusa K. Manadhata, Manish Marwah
Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system extracts features from the set of events by aggregating event data of the set of events. The system provides the extracted features to a classifier that detects unauthorized authentication events.
-
Publication number: US20190065739A1
Publication date: 2019-02-28
Application number: US15689043
Application date: 2017-08-29
Applicant: EntIT Software LLC
Inventor: Pratyusa K. Manadhata, Mijung Kim, Manish Marwah
Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system applies a classifier on a collection of features associated with the set of events, and determines, based on an output of the classifier, whether the given authentication event is an unauthorized authentication event.
-
Publication number: US20190065738A1
Publication date: 2019-02-28
Application number: US15692655
Application date: 2017-08-31
Applicant: EntIT Software LLC
Inventor: Mijung Kim, Pratyusa K. Manadhata, Manish Marwah, Alexander Ulanov, Jun Li
Abstract: In some examples, a system extracts features from event data representing events in a computing environment, trains ensembles of machine-learning models for respective analytics modules of a plurality of different types of analytics modules, and detects, by the different types of analytics modules using the respective trained ensembles of machine-learning models, an anomalous entity in response to further event data.