METHOD AND DEVICE FOR ANOMALY DETECTION USING N-GRAM SUBJECT TUPLES

Bibliographic Details
Main Authors LIANG, Han-Chang, CHANG, Min-Hsin, LUO, Tzu-Chun, CHENG, Chung-Lun
Format Patent
Language English
Published 24.07.2025
Summary: An anomaly detection method incorporated with an anomaly detection device running an operating system is disclosed and includes steps of: storing a parent-child relationship upon a process creation; retrieving every upper layer parent-child relationship relating to a parent process; creating a process chain according to the parent-child relationship and every upper layer parent-child relationship relating to the parent process; dividing the process chain into M N-gram subject tuples; and examining an odd of each of the N-gram subject tuples by inquiring a prevalence model and determining whether a creation of a process is an anomaly event according to the odd.
Bibliography: Application Number: US202418418872