Automatic anomaly detector
US10749883B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 27, 2018 |
| Grant date | Aug 18, 2020 |
| Priority date | — |
| Expiry date | Feb 14, 2039 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/145
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Described is an automatic anomaly detector that receives a time-series of normal and abnormal activities that include features related to entities within a computing system. A feature coherence graph for the features is constructed, with the graph then clustered such that feature spaces of entities are expanded to include features that live within a same cluster but belong to separate entities. The feature spaces are unified by mapping representations of the features spaces into a Euclidean space of feature vectors. The feature vectors related to each feature are then aligned. Sets of clusters of related abnormal activities are then generated by regressing each feature vector over only those features that it possesses. The sets of clusters are used to detect anomalous behavior. The system then identifies a node within the computer system generating the anomalous behavior and initiates an action to minimize a threat posed by the node.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.