Least recently used (LRU)-based event suppression
US10635806B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | May 4, 2017 |
| Grant date | Apr 28, 2020 |
| Priority date | — |
| Expiry date | Oct 13, 2037 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/033
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A security agent can implement a least recently used (LRU)-based approach to suppressing events observed on a computing device. The security agent may observe events that occur on a computing device. These observed events may then be inserted into a LRU table that tracks, for a subset of the observed events maintained in the LRU table, a rate-based statistic for multiple event groups in which the subset of the observed events are classified. In response to a value of the rate-based statistic for a particular event group satisfying a threshold for the LRU-table, observed events that are classified in the event group can be sent to a remote security system with suppression by refraining from sending, to the remote security system, at least some of the observed events in the event group. The security agent may cease suppression after the rate-based statistic falls below a predetermined threshold level.
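The mechanism the abstract describes can be sketched as follows. This is an added example, not code from the patent or its assignee. The exponentially decayed rate, the two thresholds, the 1-in-N sampling and every name and default value are assumptions, since the abstract does not specify them.

```python
from collections import OrderedDict

class LruSuppressor:
    """Bounded LRU table: event group -> decayed event rate and suppression flag."""

    def __init__(self, capacity=1024, half_life=1.0, start_rate=5.0,
                 stop_rate=2.0, sample_every=10):
        self.table = OrderedDict()        # least recently used group is first
        self.capacity = capacity
        self.half_life = half_life        # seconds for the rate to halve when idle
        self.start_rate = start_rate      # begin suppressing at or above this rate
        self.stop_rate = stop_rate        # cease suppressing below this rate
        self.sample_every = sample_every  # while suppressing, send 1 event in N

    def observe(self, group, now):
        """Record one event; return True if it should go to the remote system."""
        st = self.table.pop(group, None)
        if st is None:
            if len(self.table) >= self.capacity:
                self.table.popitem(last=False)   # evict least recently used group
            st = {"rate": 0.0, "last": now, "suppressing": False, "held": 0}
        self.table[group] = st                   # re-insert as most recently used
        # Rate-based statistic (assumed form): exponentially decayed event count.
        idle = max(0.0, now - st["last"])        # tolerate a clock stepping back
        st["rate"] = st["rate"] * 0.5 ** (idle / self.half_life) + 1
        st["last"] = now
        if st["rate"] >= self.start_rate:
            st["suppressing"] = True
        elif st["rate"] < self.stop_rate:
            st["suppressing"], st["held"] = False, 0
        if not st["suppressing"]:
            return True
        st["held"] += 1
        return st["held"] % self.sample_every == 0   # send a sample, drop the rest

def demo():
    s = LruSuppressor(capacity=2)
    # Constructed input: 100 events of one group arriving at the same instant.
    burst_sent = sum(s.observe("dns_query", 0.0) for _ in range(100))
    after_quiet = s.observe("dns_query", 10.0)   # rate has decayed below stop_rate
    s.observe("file_write", 10.0)
    s.observe("proc_start", 10.0)                # table full: evicts "dns_query"
    return burst_sent, after_quiet, list(s.table)

if __name__ == "__main__":
    print(demo())
```

A group that is evicted loses its rate history and starts unsuppressed if it reappears, so the table capacity should exceed the number of groups expected to be noisy at the same time.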
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.