| 发明名称 |
System and methods for anomaly detection and adaptive learning |
| 摘要 |
In a method of generating an anomaly detection model for classifying activities of a computer system, using a training set of data corresponding to activity on the computer system, the training set comprising a plurality of instances of data having features, and wherein each feature in said plurality of features has a plurality of values. For a selected feature and a selected value of the selected feature, a quantity is determined which corresponds to the relative sparsity of such value. The quantity may correspond to the difference between the number occurrences of the selected value and the number of occurrences of the most frequently occurring value. These instances are classified as anomaly and added to the training set of normal data to generate a rule set or other detection model.
|
| 申请公布号 |
US7424619(B1) |
申请公布日期 |
2008.09.09 |
| 申请号 |
US20020269694 |
申请日期 |
2002.10.11 |
| 申请人 |
THE TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK |
发明人 |
FAN WEI;STOLFO SALVATORE J. |
| 分类号 |
G06F11/30;G05B13/02;G06F11/00;G06F17/30;H04L9/32;H04L12/24;H04L12/26;H04L12/56 |
主分类号 |
G06F11/30 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
