System and method for process state processing
US-2019294482-A1 · Sep 26, 2019 · US
Endpoint process state collector
US10747591B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10747591-B2 |
| Application number | US-201815927104-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 21, 2018 |
| Priority date | Mar 21, 2018 |
| Publication date | Aug 18, 2020 |
| Grant date | Aug 18, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Process states of computing devices may be collected for processing. Process event information of a first computing device may be determined based on an observation of process creation events and process termination events, a garbage collection, and a process scan. The process event information may be provided to a second computing device.
First claim
Opening claim text (preview).
What is claimed is: 1. A system for collecting process states, the system comprising: one or more processors; and a memory storing instructions that, when executed by the one or more processors, cause the system to perform: determining first process event information of a first physical computing device based on a first observation of process creation events and process termination events, a first garbage collection, and a first process scan, the first physical computing device executing a first operating system, each of the first observation, the first garbage collection, and the first process scan being run on the first operating system by a first agent executing on the first physical computing device, and each of the first observation, the first garbage collection, and the first process scan being based on a single process tracking model, wherein the first garbage collection occurs periodically at a first time interval and the first process scan occurs periodically at a second time interval, the first time interval being shorter than the second time interval, wherein the first observation includes addition of a given process to an active process list based on the observation of a given process creation event for the given process and removal of the given process from the active process list based on the first observation of a given process termination event for the given process, and wherein the first garbage collection includes checking states of processes listed on the active process list to determine whether they are active and removal of processes determined to not be active from the active process list; determining second process event information of a second physical computing device based on a second observation of process creation events and process termination events, a second garbage collection, and a second process scan, the second physical computing device executing a second operating system different from the first operating system, each of the second observation, the second garbage collection, and the second process scan being run on the second operating system by a second agent executing on the second physical computing device, and each of the second observation, the second garbage collection, and the second process scan being based on the single process tracking model; providing the first and second process event information to a third physical computing device. 2. The system of claim 1 , wherein the first process event information of the first physical computing device is determined outside of a kernel of the first physical computing device. 3. The system of claim 1 , wherein the first process event information includes information on an identifier, a start time, and a parent-child relationship of a given process running on the first physical computing device. 4. The system of claim 3 , wherein a unique identifier of the given process is determined based on the identifier and the start time. 5. The system of claim 1 , wherein the first process scan includes scanning the first physical computing device to identify processes that are active. 6. The system of claim 5 , wherein a list of processes that are identified to be active based on the first process scan is reconciled with the active process list. 7. The system of claim 1 , wherein the first physical computing device includes an endpoint of a network and the third physical computing device includes a computing device within the network, the third physical computing device including a dynamic process graph interpreter. 8. A method for collecting process states, the method implemented by a computing system including one or more processors and non-transitory storage media storing machine-readable instructions, the method comprising: determining first process event information of a first physical computing device based on a first observation of process creation events and process termination events, a first garbage collection, and a first process scan, the first physical computing device executing a first operating system, each of the first observation, the first garbage collection, and the first process scan being run on the first operating system by a first agent executing on the first physical computing device, and each of the first observation, the first garbage collection, and the first process scan being based on a single process tracking model, wherein the first garbage collection occurs periodically at a first time interval and the first process scan occurs periodically at a second time interval, the first time interval being shorter than the second time interval, wherein the first observation includes addition of a given process to an active process list based on the observation of a given process creation event for the given process and removal of the given process from the active process list based on the first observation of a given process termination event for the given process, and wherein the first garbage collection includes checking states of processes listed on the active process list to determine whether they are active and removal of processes determined to not be active from the active process list; determining second process event information of a second physical computing device based on a second observation of process creation events and process termination events, a second garbage collection, and a second process scan, the second physical computing device executing a second operating system different from the first operating system, each of the second observation, the second garbage collection, and the second process scan being run on the second operating system by a second agent executing on the second physical computing device, and each of the second observation, the second garbage collection, and the second process scan being based on the single process tracking model; providing the first and second process event information to a third physical computing device. 9. The method of claim 8 , wherein the first process event information of the first physical computing device is determined outside of a kernel of the first physical computing device. 10. The method of claim 8 , wherein the first process event information includes information on an identifier, a start time, and a parent-child relationship of a given process running on the first physical computing device. 11. The method of claim 10 , wherein a unique identifier of the given process is determined based on the identifier and the start time. 12. The method of claim 8 , wherein the first process scan includes scanning the first physical computing device to identify processes that are active. 13. The method of claim 12 , wherein a list of processes that are identified to be active based on the first process scan is reconciled with the active process list. 14. The method of claim 8 , wherein the first physical computing device includes an endpoint of a network and the third physical computing device includes a computing device within the network, the third physical computing device including a dynamic process graph interpreter.
Assignees
Inventors
Classifications
Garbage collection, i.e. reclamation of unreferenced memory · CPC title
- G06F9/542Primary
Event management; Broadcasting; Multicasting; Notifications · CPC title
where the computing system component is a software system · CPC title
Buffers; Shared memory; Pipes · CPC title
where tasks reside in different layers, e.g. user- and kernel-space · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10747591B2 cover?
- Process states of computing devices may be collected for processing. Process event information of a first computing device may be determined based on an observation of process creation events and process termination events, a garbage collection, and a process scan. The process event information may be provided to a second computing device.
- Who is the assignee on this patent?
- Didi Res America Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F9/542. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Aug 18 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).