公开(公告)号：US10768982B2

公开(公告)日：2020-09-08

申请号：US16135802

申请日：2018-09-19

Applicant: Oracle International Corporation

Inventor： Andrew Brownsword ,  Tayler Hetherington ,  Pavan Chandrashekar ,  Akhilesh Singhania ,  Stuart Wray ,  Pravin Shinde ,  Felix Schmidt ,  Craig Schelp ,  Onur Kocberber ,  Juan Fernandez Peinador ,  Rod Reddekopp ,  Manel Fernandez Gomez ,  Nipun Agarwal

IPC: G06F9/54 ,  G06F9/48 ,  G06F11/30 ,  G06F9/38 ,  G06F9/455 ,  G06N20/00 ,  G06F16/11 ,  G06F16/18

Abstract: Herein are techniques for analysis of data streams. In an embodiment, a computer associates each software actor with data streams. Each software actor has its own backlog queue of data to analyze. In response to receiving some stream content and based on the received stream content, data is distributed to some software actors. In response to determining that the data satisfies completeness criteria of a particular software actor, an indication of the data is appended onto the backlog queue of the particular software actor. The particular software actor is reset to an initial state by loading an execution snapshot of a previous initial execution of an embedded virtual machine. Based on the particular software actor, execution of the execution snapshot of the previous initial execution is resumed to dequeue and process the indication of the data from the backlog queue of the particular software actor to generate a result.

公开(公告)号：US11451565B2

公开(公告)日：2022-09-20

申请号：US16122664

申请日：2018-09-05

Applicant: Oracle International Corporation

Inventor： Guang-Tong Zhou ,  Hossein Hajimirsadeghi ,  Andrew Brownsword ,  Stuart Wray ,  Craig Schelp ,  Rod Reddekopp ,  Felix Schmidt

IPC: G06N3/04 ,  H04L9/40 ,  G06K9/62

Abstract: Techniques are provided herein for contextual embedding of features of operational logs or network traffic for anomaly detection based on sequence prediction. In an embodiment, a computer has a predictive recurrent neural network (RNN) that detects an anomalous network flow. In an embodiment, an RNN contextually transcodes sparse feature vectors that represent log messages into dense feature vectors that may be predictive or used to generate predictive vectors. In an embodiment, graph embedding improves feature embedding of log traces. In an embodiment, a computer detects and feature-encodes independent traces from related log messages. These techniques may detect malicious activity by anomaly analysis of context-aware feature embeddings of network packet flows, log messages, and/or log traces.

公开(公告)号：US11372868B2

公开(公告)日：2022-06-28

申请号：US16246765

申请日：2019-01-14

Applicant: Oracle International Corporation

Inventor： Rod Reddekopp ,  Andrew Brownsword ,  Manel Fernandez Gomez ,  Juan Fernandez Peinador

IPC: G06F16/2458 ,  G06F16/21 ,  G06F16/17 ,  G06N3/04 ,  G06N3/08 ,  G06F40/284 ,  G06N20/20

Abstract: Herein are techniques for training a parser by categorizing and generalizing messages and abstracting message templates for parsing after training. In an embodiment, a computer generates a message signature based on a message sequence of tokens that were extracted from a training message. The message signature is matched to a cluster signature that represents messages of one of many clusters that have distinct signatures. The training message is added to the cluster. Based on a data type of the cluster signature, a value is extracted from a second message, such as a live message after training. Fuzzy signatures may be probabilistically matched to select a best matching cluster for a message. The value range of a token may be broadened or narrowed by adding or removing candidate data types, by adding or removing literals to a data type, and/or by promoting a narrow data type to a broader data type.