Detection of brute force attacks
US-2021185084-A1 · Jun 17, 2021 · US
Customized anomaly detection
US12238129B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12238129-B2 |
| Application number | US-202017783240-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 17, 2020 |
| Priority date | Jan 7, 2020 |
| Publication date | Feb 25, 2025 |
| Grant date | Feb 25, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Methods and apparatuses for implementing customized anomaly detection. A time-series data including a plurality of data points is obtained. Anomaly detection is performed to the time-series data with an anomaly detection model. A feedback associated with an anomaly detection result of at least one data point in the time-series data is received. The anomaly detection model is updated based at least on the feedback through reinforcement learning.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method for implementing customized anomaly detection, comprising: obtaining time-series data including a plurality of data points; performing anomaly detection on the time-series data with a first anomaly detection model; graphically presenting anomaly detection results as a function of time, wherein a first anomaly is represented by first indications and a second anomaly different from the first anomaly is represented by second indications different from the first indications; receiving feedback associated with an anomaly detection result of at least one data point in the time-series data, the feedback being in a form of adjustments to ones of the first indications and the second indications; and updating the first anomaly detection model to a second anomaly detection model different from the first anomaly detection model based at least on the feedback through reinforcement learning, wherein the updating the first anomaly detection model to the second anomaly detection model comprises: optimizing a policy network based at least on the feedback through the reinforcement learning, which includes: calculating a policy gradient based at least on the anomaly detection result and the feedback; and adjusting the policy network with the policy gradient; and determining hyper-parameters through the optimized policy network. 2. The method of claim 1 , wherein the feedback comprises at least one of: correcting the at least one data point, which is indicated as abnormal by the anomaly detection result, as a non-abnormal data point; correcting the at least one data point, which is indicated as normal by the anomaly detection result, as an abnormal data point; and labeling the at least one data point, which is indicated as abnormal by the anomaly detection result, as a key abnormal data point. 3. The method of claim 1 , wherein hyper-parameters of the second anomaly detection model comprise at least one of: at least one detection approach; parameters associated with the at least one detection approach; a detection window size; and detection sensitivity. 4. The method of claim 1 , wherein the determining hyper-parameters comprises at least one of: determining a detection window size; and determining detection sensitivity. 5. The method of claim 1 , wherein the reinforcement learning is for maximizing a reward obtained for the time-series data, the reward being determined based at least on the anomaly detection result and the feedback. 6. The method of claim 5 , wherein the reward is at least one of precision, recall rate and F1 score. 7. The method of claim 1 , wherein state information in the reinforcement learning comprises at least one of: statistical features from the time-series data; and features associated with an application scenario. 8. The method of claim 1 , wherein action information in the reinforcement learning comprises at least one of: a determined detection window size; and a determined detection sensitivity. 9. The method of claim 1 , wherein the policy network is implemented based on Long Short Term Memory (LSTM) or Gated Recurrent Unit (GRU). 10. An apparatus for implementing customized anomaly detection, comprising: a time-series data obtaining module, for obtaining time-series data including a plurality of data points; an anomaly detection performing module, for performing anomaly detection on the time-series data with a first anomaly detection model; a module for graphically presenting anomaly detection results as a function of time, wherein a first anomaly is represented by first indications and a second anomaly different from the first anomaly is represented by second indications different from the first indications; a feedback receiving module, for receiving feedback associated with an anomaly detection result of at least one data point in the time-series data, the feedback being in a form of adjustments to ones of the first indications and the second indications; and a model updating module, for updating the first anomaly detection model to a second anomaly detection model different from the first anomaly detection model based at least on the feedback through reinforcement learning, wherein the updating the first anomaly detection model to the second anomaly detection model comprises: optimizing a policy network based at least on the feedback through the reinforcement learning, which includes: calculating a policy gradient based at least on the anomaly detection result and the feedback; and adjusting the policy network with the policy gradient; and determining hyper-parameters through the optimized policy network. 11. The apparatus of claim 10 , wherein the determining hyper-parameters comprises at least one of: determining a detection window size; and determining detection sensitivity. 12. An apparatus for implementing customized anomaly detection, comprising: at least one processor; and a memory storing computer-executable instructions that, when executed, cause the at least one processor to: obtain time-series data including a plurality of data points; perform anomaly detection on the time-series data with a first anomaly detection model; graphically present anomaly detection results as a function of time, wherein a first anomaly is represented by first indications and a second anomaly different from the first anomaly is represented by second indications different from the first indications; receive feedback associated with an anomaly detection result of at least one data point in the time-series data, the feedback being in a form of adjustments to ones of the first indications and the second indications; and update the first anomaly detection model to a second anomaly detection model different from the first anomaly detection model based at least on the feedback through reinforcement learning, wherein the updating the first anomaly detection model to the second anomaly detection model comprises: optimizing a policy network based at least on the feedback through the reinforcement learning, which includes: calculating a policy gradient based at least on the anomaly detection result and the feedback; and adjusting the policy network with the policy gradient; and determining hyper-parameters through the optimized policy network.
Assignees
Inventors
Classifications
characterised by memory or gating, e.g. long short-term memory [LSTM] or gated recurrent units [GRU] · CPC title
Reinforcement learning · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
using machine learning or artificial intelligence · CPC title
Recurrent networks, e.g. Hopfield networks · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12238129B2 cover?
- Methods and apparatuses for implementing customized anomaly detection. A time-series data including a plurality of data points is obtained. Anomaly detection is performed to the time-series data with an anomaly detection model. A feedback associated with an anomaly detection result of at least one data point in the time-series data is received. The anomaly detection model is updated based at le…
- Who is the assignee on this patent?
- Microsoft Technology Licensing Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Feb 25 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 10 related publications on this page (citations in our corpus or others sharing the same primary CPC).