Patent · US Active

Recurrent neural network based anomaly detection

US11301563B2 · kind B2 · utility

4Cited by

3References

18Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Heqing Huang · Mahwah, US
Taesung Lee · White Plains, US
Ian M. Molloy · Chappaqua, US
Zhongshu Gu · Ridgewood, US
Jialong Zhang · White Plains, US
Josyula R. Rao · Briarcliff Manor, US

Key dates

Filing date	Mar 13, 2019
Grant date	Apr 12, 2022
Priority date	—
Expiry date	Jan 14, 2041

Classification

Technology area (CPC G)Physics
CPC primaryG06N20/00
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Mechanisms are provided for detecting abnormal system call sequences in a monitored computing environment. The mechanisms receive, from a computing system resource of the monitored computing environment, a system call of an observed system call sequence for evaluation. A trained recurrent neural network (RNN), trained to predict system call sequences, processes the system call to generate a prediction of a subsequent system call in a predicted system call sequence. Abnormal call sequence logic compares the subsequent system call in the predicted system call sequence to an observed system call in the observed system call sequence and identifies a difference between the predicted system call sequence and the observed system call sequence based on results of the comparing. The abnormal call sequence logic generates an alert notification in response to identifying the difference.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.