Machine learning based anomaly detection

Assignee

• Netskope, Inc. · US

Inventors

• Ariel Faigon · Santa Clara, US
• Krishna Narayanaswamy · Saratoga, US
• Jeevan Tambuluri · Los Altos, US
• Ravi Ithal · Los Altos, US
• Steve Malmskog · San Jose, US
• Abhay Kulkarni · Sunnyvale, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N20/00
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

The technology disclosed relates to machine learning based anomaly detection. In particular, it relates to constructing activity models on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, it relates to detecting anomalies in near real-time streams of security-related events of one or more tenants by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. It further includes determining an anomaly score for a production event based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs.