Learning program behavior for anomaly detection

A computer-enabled method of learning the behavior of a program. A processor can execute a target program during a learning interval while varying a plurality of stimuli provided to the target program so as to produce a multiplicity of different sequences of events which differ in combinations of ty...

Full description

Saved in:
Bibliographic Details
Main Authors AGRAWAL HIRALAL, BEHRENS CLIFFORD, DASARATHY BALAKRISHNAN
Format Patent
LanguageEnglish
Published 27.08.2013
Subjects
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:A computer-enabled method of learning the behavior of a program. A processor can execute a target program during a learning interval while varying a plurality of stimuli provided to the target program so as to produce a multiplicity of different sequences of events which differ in combinations of types of events in respective sequences, orders in which the types of events occur in respective sequences, or in the combinations and in the orders in which the types of events occur. The multiplicity of event sequences can be recorded, and a second program can be executed by a processor to: determine a plurality of clusters based on similarities between the event sequences in their entirety; and determine a plurality of signatures corresponding to the plurality of clusters. Each signature can be the longest common subsequence of all sequences in the respective cluster and thus representative of the cluster. In such method, each of the plurality of signatures can be a benchmark representative of acceptable behavior of the target program.
Bibliography:Application Number: US20100694806