Patent · US Active

Classification of log data

US11250043B2 · kind B2 · utility

Cited by: 1
References: 1
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 2, 2017
Grant date: Feb 15, 2022
Priority date
Expiry date: Sep 11, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F11/3438
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

This disclosure relates to analyzing log data of a system. This comprises evaluating a first graph model with multiple log events in the log data. The first graph model comprises a first set of nodes connected by a first set of edges representing a first behaviour. A processor determines a first correspondence value based on the first graph model and indicative of a correspondence between the multiple log events and the first behaviour. The processor repeats the evaluating and determining steps for one or more further graph models, each representing a further behaviour, to determine one or more further correspondence values. The processor finally determines a classification of the multiple log events as representing one of the behaviours based on the correspondence values. The use of multiple graph models allows a more granular classification than binary intrusion detection.
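The scheme in the abstract, sketched as an added Python example that is not taken from the patent: a window of log events is scored against several behaviour graphs and labelled with the best match. The abstract does not say how a correspondence value is computed, so the scoring rule (share of consecutive event pairs that follow a model edge), the three models, the event names, the log format and the `min_score` cut-off are all assumptions.

```python
# Constructed behaviour models (assumptions): nodes are event types,
# edges are the event-to-event transitions that the behaviour permits.
MODELS = {
    "interactive_session": {
        ("conn_open", "auth_ok"), ("auth_ok", "file_read"),
        ("file_read", "file_read"), ("file_read", "conn_close"),
    },
    "password_guessing": {
        ("conn_open", "auth_fail"), ("auth_fail", "auth_fail"),
        ("auth_fail", "auth_ok"), ("auth_fail", "conn_close"),
    },
    "bulk_export": {
        ("conn_open", "auth_ok"), ("auth_ok", "file_list"),
        ("file_list", "file_read"), ("file_read", "file_send"),
        ("file_send", "file_read"), ("file_send", "conn_close"),
    },
}

def parse_events(lines):
    """Return the event type (second whitespace field) of each log line."""
    fields = (ln.split() for ln in lines)
    return [f[1] for f in fields if len(f) >= 2]

def correspondence(events, edges):
    """Share of consecutive event pairs that follow an edge of the model."""
    pairs = list(zip(events, events[1:]))
    if not pairs:  # a window of 0 or 1 events traverses no edge
        return 0.0
    return sum(p in edges for p in pairs) / len(pairs)

def classify(events, models=MODELS, min_score=0.5):
    """Return (label, scores); label is None on a tie or a weak best score."""
    scores = {name: correspondence(events, e) for name, e in models.items()}
    best = max(scores, key=scores.get)
    tied = [n for n, s in scores.items() if s == scores[best]]
    if scores[best] < min_score or len(tied) > 1:
        return None, scores
    return best, scores

# Constructed sample log window: timestamp, event type, detail.
SAMPLE_LOG = """\
2017-06-02T10:00:01 conn_open src=10.0.0.5
2017-06-02T10:00:02 auth_fail user=admin
2017-06-02T10:00:03 auth_fail user=admin
2017-06-02T10:00:04 auth_fail user=admin
2017-06-02T10:00:05 auth_ok user=admin
2017-06-02T10:00:06 file_read path=/tmp/a
""".splitlines()

if __name__ == "__main__": print(classify(parse_events(SAMPLE_LOG)))
```

The per-model scores are returned alongside the label, so a window that partly matches a second behaviour stays visible to an analyst instead of collapsing into a single alert/no-alert bit.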

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.