Behavioral model based on short and long range event correlations in system traces

A method of generating a behavioral model of a computer system. A processor partitions a system log of process events into a plurality of strands sharing common characteristics. The processor selects attributes from the strands and generates first distinct n-grams that include attributes from succes...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Pieczul, Olgierd S
Format:	Patent
Sprache:	eng
Schlagworte:	CALCULATING COMPUTING COUNTING DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FORADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORYOR FORECASTING PURPOSES ELECTRIC DIGITAL DATA PROCESSING PHYSICS SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE,COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTINGPURPOSES, NOT OTHERWISE PROVIDED FOR
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

Beschreibung
Zusammenfassung:	A method of generating a behavioral model of a computer system. A processor partitions a system log of process events into a plurality of strands sharing common characteristics. The processor selects attributes from the strands and generates first distinct n-grams that include attributes from successive events within a strand. The processor generates a first plurality of n-gram groups, each including a plurality of the first distinct n-grams in which a first one of the plurality of first distinct n-grams coexists in a strand also containing a second one of the plurality of first distinct n-grams. The processor generates a first plurality of n-gram group arrangements, each containing a plurality of n-gram groups, and each of the n-gram groups included, in combination, in at least one strand, and the behavioral model containing the first distinct n-grams, the first plurality of n-gram groups, and the first plurality of n-gram group arrangements.