| 发明名称 |
REAL-TIME DETECTION AND CLASSIFICATION OF ANOMALOUS EVENTS IN STREAMING DATA |
| 摘要 |
A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The events can be displayed to a user in user-defined groupings in an animated fashion. The system can include a plurality of anomaly detectors that together implement an algorithm to identify low probability events and detect atypical traffic patterns. The atypical traffic patterns can then be classified as being of interest or not. In one particular example, in a network environment, the classification can be whether the network traffic is malicious or not. |
| 申请公布号 |
US2015106927(A1) |
申请公布日期 |
2015.04.16 |
| 申请号 |
US201314053248 |
申请日期 |
2013.10.14 |
| 申请人 |
UT-Battelle, LLC |
发明人 |
Ferragut Erik M.;Goodall John R.;Iannacone Michael D.;Laska Jason A.;Harrison Lane T. |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method of detecting and classifying anomalous events, comprising:
receiving an input log file including a plurality of events, wherein each event comprises a data set; for each event, providing multiple contexts that group the data set into different sub-groups; generating an anomaly score for each context so that each event has at least two anomaly scores associated therewith; for each event, combining at least the anomaly scores to generate an overall event score so as to classify the event as being normal or abnormal; and outputting a plurality of the overall event scores for the input log file. |
| 地址 |
Oak Ridge TN US |
