公开(公告)号：US11218498B2

公开(公告)日：2022-01-04

申请号：US16122505

申请日：2018-09-05

Applicant: Oracle International Corporation

Inventor： Hossein Hajimirsadeghi ,  Guang-Tong Zhou ,  Andrew Brownsword ,  Nipun Agarwal ,  Pavan Chandrashekar ,  Karoon Rashedi Nia

IPC: H04L29/06 ,  G06N3/02 ,  H04L12/24 ,  G06K9/62

Abstract: Techniques are provided herein for contextual embedding of features of operational logs or network traffic for anomaly detection based on sequence prediction. In an embodiment, a computer has a predictive recurrent neural network (RNN) that detects an anomalous network flow. In an embodiment, an RNN contextually transcodes sparse feature vectors that represent log messages into dense feature vectors that may be predictive or used to generate predictive vectors. In an embodiment, graph embedding improves feature embedding of log traces. In an embodiment, a computer detects and feature-encodes independent traces from related log messages. These techniques may detect malicious activity by anomaly analysis of context-aware feature embeddings of network packet flows, log messages, and/or log traces.

公开(公告)号：US10768982B2

公开(公告)日：2020-09-08

申请号：US16135802

申请日：2018-09-19

Applicant: Oracle International Corporation

Inventor： Andrew Brownsword ,  Tayler Hetherington ,  Pavan Chandrashekar ,  Akhilesh Singhania ,  Stuart Wray ,  Pravin Shinde ,  Felix Schmidt ,  Craig Schelp ,  Onur Kocberber ,  Juan Fernandez Peinador ,  Rod Reddekopp ,  Manel Fernandez Gomez ,  Nipun Agarwal

IPC: G06F9/54 ,  G06F9/48 ,  G06F11/30 ,  G06F9/38 ,  G06F9/455 ,  G06N20/00 ,  G06F16/11 ,  G06F16/18

Abstract: Herein are techniques for analysis of data streams. In an embodiment, a computer associates each software actor with data streams. Each software actor has its own backlog queue of data to analyze. In response to receiving some stream content and based on the received stream content, data is distributed to some software actors. In response to determining that the data satisfies completeness criteria of a particular software actor, an indication of the data is appended onto the backlog queue of the particular software actor. The particular software actor is reset to an initial state by loading an execution snapshot of a previous initial execution of an embedded virtual machine. Based on the particular software actor, execution of the execution snapshot of the previous initial execution is resumed to dequeue and process the indication of the data from the backlog queue of the particular software actor to generate a result.