GB2582563A - Feature detection in temporal graphs - Google Patents
Feature detection in temporal graphs Download PDFInfo
- Publication number
- GB2582563A GB2582563A GB1904020.3A GB201904020A GB2582563A GB 2582563 A GB2582563 A GB 2582563A GB 201904020 A GB201904020 A GB 201904020A GB 2582563 A GB2582563 A GB 2582563A
- Authority
- GB
- United Kingdom
- Prior art keywords
- series
- feature
- network
- events
- image
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 230000002123 temporal effect Effects 0.000 title claims abstract description 30
- 238000001514 detection method Methods 0.000 title claims abstract description 19
- 238000000034 method Methods 0.000 claims abstract description 27
- 238000004891 communication Methods 0.000 claims abstract description 19
- 238000013527 convolutional neural network Methods 0.000 claims abstract description 19
- 238000012545 processing Methods 0.000 claims abstract description 11
- 238000009877 rendering Methods 0.000 claims abstract description 11
- 241000700605 Viruses Species 0.000 claims abstract description 4
- 230000008859 change Effects 0.000 claims abstract description 4
- 238000012549 training Methods 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 9
- 230000001681 protective effect Effects 0.000 claims description 5
- 230000000007 visual effect Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000006855 networking Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 101000644392 Petroselinum crispum Tyrosine decarboxylase 1 Proteins 0.000 description 1
- 235000018936 Vitellaria paradoxa Nutrition 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001537 neural effect Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2218/00—Aspects of pattern recognition specially adapted for signal processing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
- G06F18/232—Non-hierarchical techniques
- G06F18/2323—Non-hierarchical techniques based on graph theory, e.g. minimum spanning trees [MST] or graph cuts
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/2413—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on distances to training or reference patterns
- G06F18/24133—Distances to prototypes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/042—Knowledge-based neural networks; Logical representations of neural networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T11/00—2D [Two Dimensional] image generation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V10/00—Arrangements for image or video recognition or understanding
- G06V10/70—Arrangements for image or video recognition or understanding using pattern recognition or machine learning
- G06V10/82—Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V20/00—Scenes; Scene-specific elements
- G06V20/30—Scenes; Scene-specific elements in albums, collections or shared content, e.g. social network photos or video
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/02—Knowledge representation; Symbolic representation
- G06N5/022—Knowledge engineering; Knowledge acquisition
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Artificial Intelligence (AREA)
- Computing Systems (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Life Sciences & Earth Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Networks & Wireless Communication (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Evolutionary Biology (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Molecular Biology (AREA)
- Mathematical Physics (AREA)
- Discrete Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Image Analysis (AREA)
Abstract
A method of feature detection in temporal graph data structures of events (302, 304, 306, Fig. 3) comprising: receiving a series of graph data structures of events 202, each including a plurality of event nodes and edges connecting the event nodes to show a relationship therebetween; rendering each graph data structure in the series as an image in cartesian space to generate a chronological series of images 210; and processing the series of images with a convolutional neural network (CNN) 204 to classify the image series and identify a feature of interest 208. Rendering a graph in cartesian space may include determining, for each node or edge, a: size; location; and visible attribute, such as greyscale, colour and/or brightness. The feature may be a change, or series of changes, to a subgraph over the image series. The events may be network communication events across a computer network and the feature may be associated with malicious network communication. On identification of malicious communication in the network, one or more security measures may be deployed such as: a network proxy; a firewall; an anti-malware facility; and a virus detection facility.
Description
Feature Detection in Temporal Graphs The present invention relates to the detection of features in temporal series of graph data structures.
Graph data structures are commonly used to represent and model events in contexts such as, inter alia, computer networks, telecommunications, software, defence and security, bioinformatics and large-scale sensor networks such as sensors found in internet-of-things (I0T) environments. Graph representations of events can provide a useful basis for identifying occurrences warranting intervention. For example, a graph representation of network communication can be used to detect malicious activity in a network.
Typical automated graph analytical processes are resource intensive as a number of elements within a graph grows. Thus, for increased graph dimensionality including numbers of nodes and edges, a quantity of resource required for processing such graphs, such as computer processing, memory and bandwidth resource, can increase considerably. Such typical analytical processing can include, inter alia: graph walking; clustering; sub-graph analysis and classification methods. The problem is considerably compounded if graphs are generated over time as a temporal series of graphs modelling event occurrences in a system, whereby a number of graphs increases dramatically with a consequently dramatic increase in analytical computing resource.
Thus, there is a challenge in providing improved feature detection for graph data 20 structures that alleviates the aforementioned challenges.
According to a first aspect of the present invention, there is a provided a computer implemented method of feature detection in temporal graph data structures of events, the method comprising: receiving a temporal series of graph data structures of events each including a plurality of nodes corresponding to events and edges connecting nodes corresponding to relationships between events; rendering each graph data structure in the series as an image representation of the graph data structure including a representation of nodes and edges in the graph being rendered reproducibly in a cartesian space based on attributes of the nodes and edges, so as to generate a temporal series of image representations ordered according to the temporal graph data structures; processing the series of image representations by a convolutional neural network to classify the image series so as to identify a feature in the image series, the convolutional neural network being trained by a supervised training method including a plurality of training example image series in which a subset of the training examples are classified as including the feature.
Preferably, rendering a graph reproducible in the cartesian space includes determining, for each of node and edge elements in the graph: a size of an indication of the element; a location in the space of the element; and visible attributes of the indication of the element in the space, so as to render the indication having the size, at the location and with the visible attributes.
Preferably, the visible attributes include one or more of: a greyscale; a colour; and a brightness.
Preferably, the feature is an indication of a subgraph in the image series.
Preferably, the feature includes a particular change or series of changes to a subgraph 10 over images in the temporally ordered image series.
Preferably, the events include network communication events for communication across a computer network, and wherein the feature is associated with malicious communication in the network.
Preferably, the identification of the feature in the image series indicates the existence of malicious communication in the network, and the method further comprises, responsive to the identification of the feature in the image series, deploying one or more of: network security protective measures; and network intrusion remediative measures in the computer network.
Preferably, the network security protective measures include one or more of: a network 20 proxy; a firewall; an anti-malware facility; and a virus detection facility.
According to a second aspect of the present invention, there is a provided a computer system including a processor and memory storing computer program code for performing the steps of the method set out above.
According to a third aspect of the present invention, there is a provided a computer system including a processor and memory storing computer program code for performing the steps of the method set out above.
Embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which: Figure 1 is a block diagram a computer system suitable for the operation of 30 embodiments of the present invention; Figure 2 is a component diagram of an arrangement for feature detection in a temporal series of graph data structures according to embodiments of the present invention; and Figure 3 is a flowchart of a method of feature detection in temporal graph data 5 structures of events in accordance with embodiments of the present invention.
Figure 1 is a block diagram of a computer system suitable for the operation of embodiments of the present invention. A central processor unit (CPU) 102 is communicatively connected to a storage 104 and an input/output (I/O) interface 106 via a data bus 108. The storage 104 can be any read/write storage device such as a random-access memory (RAM) or a non-volatile storage device. An example of a non-volatile storage device includes a disk or tape storage device. The I/O interface 106 is an interface to devices for the input or output of data, or for both input and output of data. Examples of I/O devices connectable to I/O interface 106 include a keyboard, a mouse, a display (such as a monitor) and a network connection.
Figure 2 is a component diagram of an arrangement for feature detection in a temporal series of graph data structures 202 according to embodiments of the present invention. A convolutional neural network (CNN) 204 is provided as a deep learning algorithm suitable for being trained based on training images to detect and differentiate features such as aspects and/or objects in images. CNNs are known in the art and are described in, for example: "An Introduction to Convolutional Neural Networks" (O'Shea and Nash, 2015); and "A Comprehensive Guide to Convolutional Neural Networks-the ELI5 way" (S. Saha, 2018, available at "towardsdatascience. com/a-comprehensive-guide-to-convolutional-neuralnetworks-the-eli5-way-3bd 2b1164a53"). The CNN 204 is trained to classify temporal series of images, each temporal series including an ordered set of image representations of a graph data structure as it changes over a period of time. The CNN 204 is therefore trained based on a supervised training method including a plurality of training example image series 206. The training example image series 206 includes a plurality of temporal series of image representations of graph data structures including a subset of series for which a feature is known to exist. For example, a training series of images could represent a graph of network traffic for a computer network in which malicious communication is sent and/or received, and thus the training series of images includes features indicative of such malicious communication. Thus, the CNN 204 is trained to detect features of images and classify those features according to one or more features of interest 208.
The feature of interest 208 as depicted in Figure 1 is a subgraph of a graph data structure 35 represented in an image representation of the graph indicative of a feature occurring in the system modelled by the graph that is notable for recognition in other graphs. While a single feature of interest 208 is illustrated in Figure 1, and the feature of interest is a subgraph, it will be apparent to those skilled in the art that multiple features of interest can be detected by the trained CNN 204 and each feature of interest can include one or more subgraphs of any size.
The training example image series 206 is generated from training example series of graph data structures. Each image in the image series 206 is rendered based on a graph data structure such that the image represents the graph data structure rendered in a cartesian space as a 2-dimensional or 3-dimensional space. In particular, the rendering of elements of a graph data structure (including nodes and edges) is such that each rendering is preferably reproducible in a cartesian space of the same properties such that images are directly comparable. For example, the algorithm for rendering each image of a graph data structure is common to all rendered images such that each image is reproduced by the algorithm should the image be rendered multiple times. Furthermore, the rendering of elements of a graph data structure in an image representation is based on attributes of nodes and edges in the graph data structure, such as attributes associated with nodes in dependence on the events that the nodes represent, and attributes of edges such as weights or the like. For example, rendering a graph reproducible in a cartesian space can include determining, for each of node and edge elements in the graph: a size of an indication of the element; a location in the space of the element; and visible attributes of the indication of the element in the space, so as to render the indication having the size, at the location and with the visible attributes. Such visible attributes include one or more of: a greyscale; a colour; and a brightness.
In this way a temporal sequence of image representations will exhibit changes within the 25 images consistent with changes in a corresponding temporal sequence of graph data structures on which basis the images are generated.
The trained CNN 204 is utilised by a feature detector 200 to detect occurrences of the feature of interest 208 within image representations of temporal graph data structures 202. In this way, detection of a feature -and the attributes of interest of a system for which the feature was generated -within such a visual representation of graph data structures 202 are indicative of existence of such attributes of interest within a system from which the graph data structures 202 were generated.
The feature detector 200 initially renders each of the graph data structures in the temporal sequence of graphs 202 as an image representation 210. As previously described with 35 respect to training images, the image representations 210 are rendered reproducibly in a cartesian space based on attributes of nodes and edges in the graph data structures 202. The rendered image representations 210 are constituted as a series of images ordered temporally according to an order of the temporal series of graph data structures 202.
Subsequently, the feature detector 200 processes the series of image representations 210 of the graph data structures 202 by the CNN 204 so as to detect occurrences of the feature of interest 208 within the images 210. Once detected, the feature of interest 208 and the characteristics of a system of events that it represents can be used to trigger responsive actions in the system.
Notably, the use of a temporal series of images 210 based on temporal series of graph data structures 202 provides for the detection of features across multiple images such as could be achieved for a video or animation based on a series of images. Thus, in one embodiment, the CNN 206 is trained to detect features of interest in a video or animation consisting of multiple frames each constituted by a visual representation of a graph data structure. Thus, the feature of interest 208 can include a particular change or series of changes to one or more subgraphs over multiple images in the temporally ordered image series 210.
An embodiment of the invention will now be considered in the field of computer network communication in which each of the training series of images 206 is a visual representation of a graph data structure of networking events occurring within a computer network. For example, such networking events can include: network traffic source, destination and volume; intrusion detection events; security events; or other network events as will be apparent to those skilled in the art. In particular, in the illustrative embodiment, the feature of interest 208 is a learned feature of a visual representation of a graph data structure indicative of (by being associated with) malicious communication in the network.
Accordingly, in the illustrative embodiment, the graph data structures 202 constitute network event graphs that are rendered as visual representations 210 to detect occurrences of the feature of interest 208 therein by the CNN 204. Notably, as depicted in Figure 2, the feature of interest is identified four times across two of the three visual representations 210. Accordingly, the malicious communication in the network indicated by the feature of interest 208 can be determined to exist in the network for which the event data temporal graph data structures 202 were generated. On detection of such malicious network communication, mitigative and/or remediative measures can be employed including, inter alia: network security protective measures; and network intrusion remediative measures. For example, one or more of a network proxy, firewall, anti-malware or virus detection facility can be deployed.
Figure 3 is a flowchart of a method of feature detection in temporal graph data structures of events in accordance with embodiments of the present invention. Initially, at step 302, a temporal series of graph data structures of events 202 is received, each including a plurality of nodes corresponding to events and edges connecting nodes corresponding to relationships between events. At step 304, each graph data structure in the series 202 is rendered as an image representation 210 of the graph data structure including a representation of nodes and edges in the graph being rendered reproducibly in a cartesian space. The image representations 210 are rendered based on attributes of the nodes and edges in the graph data structures 202 such that a temporal series of image representations 210 is generated. At step 306, the series of image representations 210 is processed by the trained CNN 204 to classify the image series 210 so as to identify a feature of interest 208 in the image series.
Insofar as embodiments of the invention described are implementable, at least in part, using a software-controlled programmable processing device, such as a microprocessor, digital signal processor or other processing device, data processing apparatus or system, it will be appreciated that a computer program for configuring a programmable device, apparatus or system to implement the foregoing described methods is envisaged as an aspect of the present invention. The computer program may be embodied as source code or undergo compilation for implementation on a processing device, apparatus or system or may be embodied as object code, for example.
Suitably, the computer program is stored on a carrier medium in machine or device readable form, for example in solid-state memory, magnetic memory such as disk or tape, optically or magneto-optically readable memory such as compact disk or digital versatile disk etc., and the processing device utilises the program or a part thereof to configure it for operation. The computer program may be supplied from a remote source embodied in a communications medium such as an electronic signal, radio frequency carrier wave or optical carrier wave. Such carrier media are also envisaged as aspects of the present invention.
It will be understood by those skilled in the art that, although the present invention has been described in relation to the above described example embodiments, the invention is not 30 limited thereto and that there are many possible variations and modifications which fall within the scope of the invention.
The scope of the present invention includes any novel features or combination of features disclosed herein. The applicant hereby gives notice that new claims may be formulated to such features or combination of features during prosecution of this application or of any such 35 further applications derived therefrom. In particular, with reference to the appended claims, features from dependent claims may be combined with those of the independent claims and features from respective independent claims may be combined in any appropriate manner and not merely in the specific combinations enumerated in the claims.
Claims (10)
- CLAIMS1. A computer implemented method of feature detection in temporal graph data structures of events, the method comprising: receiving a temporal series of graph data structures of events each including a plurality of nodes corresponding to events and edges connecting nodes corresponding to relationships between events; rendering each graph data structure in the series as an image representation of the graph data structure including a representation of nodes and edges in the graph being rendered reproducibly in a cartesian space based on attributes of the nodes and edges, so as to generate a temporal series of image representations ordered according to the temporal graph data structures; processing the series of image representations by a convolutional neural network to classify the image series so as to identify a feature in the image series, the convolutional neural network being trained by a supervised training method including a plurality of training example image series in which a subset of the training examples are classified as including the feature.
- 2. The method of claim 1 wherein rendering a graph reproducible in the cartesian space includes determining, for each of node and edge elements in the graph: a size of an indication of the element; a location in the space of the element; and visible attributes of the indication of the element in the space, so as to render the indication having the size, at the location and with the visible attributes.
- 3. The method of claim 2 wherein the visible attributes include one or more of: a greyscale; a colour; and a brightness.
- 4. The method of any preceding claim wherein the feature is an indication of a subgraph in the image series.
- 5. The method of any preceding claim wherein the feature includes a particular change or series of changes to a subgraph over images in the temporally ordered image series.
- 6. The method of any preceding claim wherein the events include network communication events for communication across a computer network, and wherein the 35 feature is associated with malicious communication in the network.
- 7. The method of claim 6 wherein the identification of the feature in the image series indicates the existence of malicious communication in the network, and the method further comprises, responsive to the identification of the feature in the image series, deploying one or more of: network security protective measures; and network intrusion remediative measures in the computer network.
- 8. The method of claim 7 wherein the network security protective measures include one or more of: a network proxy; a firewall; an anti-malware facility; and a virus detection facility.
- 9. A computer system including a processor and memory storing computer program code for performing the steps of the method of any preceding claim.
- 10. A computer program element comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer to perform the steps of a 15 method as claimed in any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB1904020.3A GB2582563A (en) | 2019-03-23 | 2019-03-23 | Feature detection in temporal graphs |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB1904020.3A GB2582563A (en) | 2019-03-23 | 2019-03-23 | Feature detection in temporal graphs |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| GB201904020D0 GB201904020D0 (en) | 2019-05-08 |
| GB2582563A true GB2582563A (en) | 2020-09-30 |
Family
ID=66381290
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB1904020.3A Withdrawn GB2582563A (en) | 2019-03-23 | 2019-03-23 | Feature detection in temporal graphs |
Country Status (1)
| Country | Link |
|---|---|
| GB (1) | GB2582563A (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100277481A1 (en) * | 2009-04-30 | 2010-11-04 | International Business Machines Corporation | Method and apparatus of animation planning for a dynamic graph |
| EP3255586A1 (en) * | 2016-06-06 | 2017-12-13 | Fujitsu Limited | Method, program, and apparatus for comparing data graphs |
-
2019
- 2019-03-23 GB GB1904020.3A patent/GB2582563A/en not_active Withdrawn
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100277481A1 (en) * | 2009-04-30 | 2010-11-04 | International Business Machines Corporation | Method and apparatus of animation planning for a dynamic graph |
| EP3255586A1 (en) * | 2016-06-06 | 2017-12-13 | Fujitsu Limited | Method, program, and apparatus for comparing data graphs |
Also Published As
| Publication number | Publication date |
|---|---|
| GB201904020D0 (en) | 2019-05-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107666410B (en) | Network security analysis system and method | |
| US10505960B2 (en) | Malware detection by exploiting malware re-composition variations using feature evolutions and confusions | |
| US20160381057A1 (en) | Customized Network Traffic Models To Detect Application Anomalies | |
| CN112602081A (en) | Enhancing network security and operational monitoring with alarm confidence assignment | |
| US20230164152A1 (en) | Malicious incident visualization | |
| CN109862003A (en) | Local generation method, device, system and the storage medium for threatening information bank | |
| CN112784269B (en) | Malware detection method, device and computer storage medium | |
| CN114528457A (en) | Web fingerprint detection method and related equipment | |
| EP3799367B1 (en) | Generation device, generation method, and generation program | |
| US11290473B2 (en) | Automatic generation of detection alerts | |
| CN104216996A (en) | File information display method and device | |
| CN108156127B (en) | Network attack mode judging device, judging method and computer readable storage medium thereof | |
| US20220255953A1 (en) | Feature detection with neural network classification of images representations of temporal graphs | |
| Gu et al. | Integrating real-time analysis with the dendritic cell algorithm through segmentation | |
| EP4006760B1 (en) | Anomaly determination system, anomaly determination method, and program | |
| Pranav et al. | Detection of botnets in IoT networks using graph theory and machine learning | |
| US9154515B1 (en) | Systems and methods identifying and reacting to potentially malicious activity | |
| EP4221081A1 (en) | Detecting behavioral change of iot devices using novelty detection based behavior traffic modeling | |
| CN115589339B (en) | Network attack type identification method, device, equipment and storage medium | |
| GB2582563A (en) | Feature detection in temporal graphs | |
| US11429515B1 (en) | Monitoring execution of software using path signature | |
| CN115643044A (en) | Data processing method, device, server and storage medium | |
| CN115098864A (en) | Evaluation method and device of image recognition model, medium and electronic equipment | |
| KR20190070583A (en) | Apparatus and method for generating integrated representation specification data for cyber threat information | |
| CN116155519A (en) | Threat alert information processing method, threat alert information processing device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |