Title: Anomaly detector for computer networks
Abstract: A computer system includes a data collector and an anomaly detector. The data collector monitors network traffic or event logs and sends monitoring data to the anomaly detector. The anomaly detector extracts values for a category of measure from the monitoring data and processes the values to generate a processed value. The anomaly detector predicts an expectation value of the category of measure based at least on time decayed residual processed values. The anomaly detector determines a deviation of the processed value from the expectation value to detect an anomaly event, and applies a security rule to the anomaly event to detect a security event.
Publication number: US9009825(B1); publication date: 2015.04.14
Application number: US201313924196; filing date: 2013.06.21
Applicant: Trend Micro Incorporated; inventors: Chang Hung-Jen; Chen Jian-Ying; Lin Yuanhung; Ren Liwei
Classification: G06F11/00; H04L29/06 (main classification: G06F11/00)
Attorney firm: Okamoto & Benedicto LLP; agent: Okamoto & Benedicto LLP
Independent claim: 1. A system comprising:
a data collector comprising a first computer, wherein the data collector monitors a computer network; and
an anomaly detector comprising one or more computers, wherein the anomaly detector receives monitoring data from the data collector, extracts values for a category of measure from the monitoring data, processes the values for the category of measure to generate a processed value, applies a time decay factor to residual processed values previously received from the data collector to generate time decayed residual processed values, determines an expectation value of the category of measure based at least on the time decayed residual processed values, and determines a deviation of the processed value from the expectation value of the category of measure to detect an anomaly event.
Address: Tokyo JP
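The pipeline described in the abstract and claim 1 (values for a category of measure, a processed value per window, an expectation built from time decayed residuals, a deviation check, then a security rule), as an added example on constructed event-log data; this is not the patent's or Trend Micro's code. The failed-login category, the decay factor of 0.5, the deviation threshold, the three-window baseline, the residual-relative-to-baseline definition and the brute-force rule are all assumptions made for the illustration.

```python
"""Illustration of the claimed pipeline on constructed data; not Trend Micro's code.
Category of measure, decay, threshold, baseline and the security rule are assumptions."""
from collections import Counter

# Constructed event log as (window, event type, host), the kind of monitoring
# data the data collector would forward.
EVENT_LOG = [(0, "login_failed", "h1"), (0, "login_failed", "h2"), (0, "login_ok", "h1"),
             (1, "login_failed", "h1"), (1, "login_ok", "h2"),
             (2, "login_failed", "h2"), (2, "login_failed", "h1"), (2, "login_ok", "h3"),
             (3, "login_failed", "h1"), (3, "login_ok", "h1")]
EVENT_LOG += [(4, "login_failed", "h1")] * 24   # window 4: burst from one host

class DecayedResidualDetector:
    def __init__(self, baseline, decay=0.5, threshold=5.0):
        self.baseline = baseline    # long-run level of the measure (assumed)
        self.decay = decay          # time decay factor per window of age (assumed)
        self.threshold = threshold  # |deviation| above this is an anomaly (assumed)
        self.residuals = []         # past residual processed values, oldest first

    def expectation(self):
        # A residual k windows old is weighted by decay**k; the (1 - decay) factor
        # keeps the weights summing to at most 1 (assumed normalisation).
        n = len(self.residuals)
        weighted = sum((1 - self.decay) * self.decay ** (n - 1 - i) * r
                       for i, r in enumerate(self.residuals))
        return self.baseline + weighted

    def observe(self, processed):
        exp = self.expectation()
        deviation = processed - exp
        self.residuals.append(processed - self.baseline)  # residual vs. baseline keeps the sum bounded
        return {"expectation": exp, "deviation": deviation, "anomaly": abs(deviation) > self.threshold}

def security_rule(category, processed, result, min_count=10):
    """Example rule (assumed): upward failed-login anomaly with at least min_count events."""
    if (result["anomaly"] and category == "login_failed"
            and result["deviation"] > 0 and processed >= min_count):
        return "possible brute-force login"
    return None

def run(log, category="login_failed", training_windows=3, decay=0.5, threshold=5.0):
    counts = Counter(w for w, kind, _ in log if kind == category)  # processed value per window
    baseline = sum(counts.get(w, 0) for w in range(training_windows)) / training_windows
    det, out = DecayedResidualDetector(baseline, decay, threshold), []
    for w in range(max(w for w, _, _ in log) + 1):
        processed = counts.get(w, 0)
        result = det.observe(processed)
        result.update(window=w, processed=processed, security_event=security_rule(category, processed, result))
        out.append(result)
    return out
```

Windows 0 to 3 stay within the threshold while the expectation drifts with the decayed residuals; the burst of 24 failures in window 4 is an anomaly and the rule turns it into a security event.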