公开(公告)号：US20180337935A1

公开(公告)日：2018-11-22

申请号：US15596042

申请日：2017-05-16

Applicant: EntIT Software LLC

Inventor： Manish Marwah ,  Alexander Ulanov ,  Carlos Zubieta ,  Luis Mateos ,  Pratyusa K. Manadhata

IPC: H04L29/06

Abstract: In some examples, a system generates a graphical representation of entities associated with a computing environment, and derives features for the entities represented by the graphical representation, the features comprising neighborhood features and link-based features, a neighborhood feature for a first entity of the entities derived based on entities that are neighbors of the first entity in the graphical representation, and a link-based feature for the first entity derived based on relationships of other entities in the graphical representation with the first entity. The system determines, using a plurality of anomaly detectors based on respective features of the derived features, whether the first entity is exhibiting anomalous behavior.

公开(公告)号：US20180336353A1

公开(公告)日：2018-11-22

申请号：US15596041

申请日：2017-05-16

Applicant: EntIT Software LLC

Inventor： Pratyusa K. Manadhata ,  Manish Marwah ,  Alexander Ulanov

IPC: G06F21/57 ,  G06F17/30 ,  H04L29/06 ,  G06Q10/06

Abstract: In some examples, a system receives anomaly scores regarding an entity from a plurality of detectors, produces a weighted anomaly score for the entity based on the anomaly scores and respective weights assigned to the plurality of detectors, the weights based on historical performance of the plurality of detectors, determines an impact based on a context of the entity, wherein the impact is indicative of an effect that the entity would have on a computing environment if the entity were to exhibit anomalous behavior, and computes a risk score for the entity based on the weighted anomaly score and the determined impact.

公开(公告)号：US10592666B2

公开(公告)日：2020-03-17

申请号：US15692655

申请日：2017-08-31

Applicant: EntIT Software LLC

Inventor： Mijung Kim ,  Pratyusa K. Manadhata ,  Manish Marwah ,  Alexander Ulanov ,  Jun Li

IPC: G06F11/00 ,  G06F21/55 ,  G06N3/08 ,  G06F21/57 ,  G06N3/04 ,  G06N5/02

Abstract: In some examples, a system extracts features from event data representing events in a computing environment, trains ensembles of machine-learning models for respective analytics modules of a plurality of different types of analytics modules, and detects, by the different types of analytics modules using the respective trained ensembles of machine-learning models, an anomalous entity in response to further event data.

公开(公告)号：US20190065738A1

公开(公告)日：2019-02-28

申请号：US15692655

申请日：2017-08-31

Applicant: EntIT Software LLC

Inventor： Mijung Kim ,  Pratyusa K. Manadhata ,  Manish Marwah ,  Alexander Ulanov ,  Jun Li

IPC: G06F21/55 ,  G06F21/57 ,  G06N3/08

Abstract: In some examples, a system extracts features from event data representing events in a computing environment, trains ensembles of machine-learning models for respective analytics modules of a plurality of different types of analytics modules, and detects, by the different types of analytics modules using the respective trained ensembles of machine-learning models, an anomalous entity in response to further event data.