Abstract:
Systems, methods, and other embodiments associated with multi-distance clustering are described. In one embodiment, a method includes reading a multi-distance similarity matrix S that records pair-wise multi-distance similarities between respective pairs of data points in a data set. Each pair-wise similarity is based on distances between a pair of data points calculated using K different distance functions, where K is greater than one. The method includes clustering the data points in the data set into n clusters based on the similarity matrix S. The number of clusters n is not determined prior to the clustering.
Abstract:
Systems, methods, and other embodiments associated with multi-distance tri-point arbitration are described. In one embodiment, a method includes using K different distance functions, calculating K per-distance tri-point arbitration similarities between a pair of data points with respect to an arbiter point. A multi-distance tri-point arbitration similarity S between the data points is calculated by determining that the data points are similar when a dominating number of the K per-distance tri-point arbitration similarities indicate that the data points are similar; and determining that the data points are dissimilar when a dominating number of the K per-distance tri-point arbitration similarities indicate that the data points are dissimilar. The multi-distance tri-point arbitration similarity is associated with the data points for use in future processing.
Abstract:
Systems, methods, and other embodiments are disclosed for data-driven user authentication misuse detection. In one embodiment, for each of multiple authentication attempts to a computing device by a user via user authentication log messages: user authentication log data having user attribute values is collected; the user authentication log data is transformed into a tracer data structure having the user attribute values organized in a common format; the tracer data structure is augmented with timestamp data to generate an event data structure, where the timestamp data represents a time at which the user authentication log data is observed by the computing device; a user behavior model filter, representing account usage patterns of the user, is updated based at least in part on the event data structure. A malicious authentication attempt to the computing device by a malicious user is detected based on, at least in part, the user behavior model filter.
Abstract:
Systems, methods, and other embodiments associated with clustering using tri-point arbitration are described. In one embodiment, a method includes selecting a data point pair and a set of arbiter points. A tri-point arbitration similarity is calculated for data point pairs based, at least in part, on a distance between the first and second data points and the arbiter points. In one embodiment, similar data points are clustered.
Abstract:
Systems, methods, and other embodiments are disclosed for data-driven user authentication misuse detection. In one embodiment, for a user authentication attempt to access a secure computer resource, user authentication log data having user attribute values is collected. The user authentication log data is transformed into a tracer data structure. The tracer data structure is augmented with timestamp data to generate an event data structure. It is determined whether the tracer data structure matches an existing tracer data structure stored in a rules database and, if not, a novelty flag is set to generate a new user behavior model filter. If the tracer data structure matches the existing tracer data structure: an existing user behavior model filter is applied, issuance of an alarm message or signal is controlled, and the existing user behavior model filter is updated based, at least in part, on the event data structure.
Abstract:
Systems, methods, and other embodiments associated with similarity analysis using tri-point arbitration are described. In one embodiment, a method includes selecting a data point pair and an arbiter point from a data set. A tri-point arbitration coefficient (ρTAC) is calculated for data point pairs based, at least in part, on a distance between the first and second data points and the arbiter point. A similarity metric is determined for the data set based, at least in part, on an aggregation of tri-point arbitration coefficients for data point pairs in the set of data points using the selected arbiter point.