Title of invention Volatility-based Classifier for Security Solutions
Abstract Various embodiments provide an approach to classifying security events based on the concept of behavior change detection or “volatility.” Behavior change detection is utilized, in place of a pre-defined patterns approach, to look at a system's behavior and detect any variances from what would otherwise be normal operating behavior. In operation, machine learning techniques are utilized as an event classification mechanism which facilitates implementation scalability. The machine learning techniques are iterative and continue to learn over time. Operational scalability issues are addressed by using the computed volatility of the events in a time series as input for a classifier. During a learning process (i.e., the machine learning process), the system identifies relevant features that are affected by security incidents. When in operation, the system evaluates those features in real-time and provides a probability that an incident is about to occur.
Publication number US2016021124(A1) Publication date 2016.01.21
Application number US201414333377 Filing date 2014.07.16
Applicant Microsoft Corporation Inventors Sol Alisson Augusto Souza;Markey Barry;Fish Robert D.;Ankney Donald J.;Boia Dragos D.;Ramdatmisier Viresh
Classification H04L29/06 Main classification H04L29/06
Agency Agent
Principal claim 1. A computer-implemented method comprising: producing usage data associated with an online service, the usage data being associated with online service interactions; producing operational data associated with the online service, the operational data being associated with online service interactions; processing the usage data and the operational data to produce a measure of behavioral changes over time; correlating behavioral changes of the usage data and the operational data; and processing the correlated behavioral changes to recognize one or more events in which usage and operational behavioral changes deviate from historical data.
Address Redmond WA US