Feature processing recipes for machine learning
US-2015379423-A1 · Dec 31, 2015 · US
Anomaly detection for computer systems
US11341237B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11341237-B2 |
| Application number | US-201816498932-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 26, 2018 |
| Priority date | Mar 30, 2017 |
| Publication date | May 24, 2022 |
| Grant date | May 24, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A computer implemented method to detect a computer system in execution operating in a manner that is not compliant with a definition of a set of compliant operations, the method including receiving a first set of records for the computer system, each record detailing an occurrence in the computer system during a first predetermined time period; generating a sparse distributed representation of the set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of the operation of the computer system during the predetermined time period; selecting at least a subset of operations in the set of compliant operations and causing the invocation of each operation of the subset in the computer system over a second predetermined time period to generate a second set of records of occurrences in the computer system; generating a sparse distributed representation of the set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recognition of the records of the input set; and responsive to a determination that a degree of recognition of one or more records of the input set is below a threshold degree, identifying the operation of the computer system as non-compliant.
First claim
Opening claim text (preview).
The invention claimed is: 1. A computer implemented method to detect a computer system in execution operating in a manner that is not compliant with a definition of a set of compliant operations, the method comprising: receiving a first set of records for the computer system, each record detailing an occurrence in the computer system during a first predetermined time period; generating a sparse distributed representation of the first set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of operation of the computer system during the first predetermined time period; selecting at least a subset of operations in the set of compliant operations and causing the invocation of each operation of the subset of operations in the computer system over a second predetermined time period to generate a second set of records of occurrences in the computer system; generating a sparse distributed representation of the second set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recognition of the records of the input set; and responsive to a determination that a degree of recognition of one or more records of the input set is below a threshold degree, identifying the operation of the computer system as non-compliant. 2. The method of claim 1 , further comprising, in response to an identification that the operation of the computer system is non-compliant, implementing a protective measure to protect against a malicious operation of the computer system. 3. The method of claim 2 , wherein the protective measure includes one or more of: causing a cessation of operation of the computer system; generating an event indicating the non-compliance of the computer system; suspending operation of the computer system; or executing one or more protective software components or remedial software components in the computer system. 4. A non-transitory computer-readable storage medium storing a computer program element comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer system to perform the method as claimed in claim 1 . 5. A computer system comprising: a processor and memory storing computer program code for detecting a computer system in execution operating in a manner that is not compliant with a definition of a set of compliant operations, the method comprising: receiving a first set of records for the computer system, each record detailing an occurrence in the computer system during a first predetermined time period; generating a sparse distributed representation of the first set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of operation of the computer system during the first predetermined time period; selecting at least a subset of operations in the set of compliant operations and causing the invocation of each operation of the subset of operations in the computer system over a second predetermined time period to generate a second set of records of occurrences in the computer system; generating a sparse distributed representation of the second set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recognition of the records of the input set; and responsive to a determination that a degree of recognition of one or more records of the input set is below a threshold degree, identifying the operation of the computer system as non-compliant.
Assignees
Inventors
Classifications
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
- G06F21/554Primary
involving event detection and direct action · CPC title
involving long-term monitoring or reporting · CPC title
- G06F21/55Primary
Detecting local intrusion or implementing counter-measures · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11341237B2 cover?
- A computer implemented method to detect a computer system in execution operating in a manner that is not compliant with a definition of a set of compliant operations, the method including receiving a first set of records for the computer system, each record detailing an occurrence in the computer system during a first predetermined time period; generating a sparse distributed representation of …
- Who is the assignee on this patent?
- British Telecomm
- What technology area does this patent fall under?
- Primary CPC classification G06F21/554. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue May 24 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).