GB2603686A - Updating detection models and maintaining data privacy - Google Patents

Updating detection models and maintaining data privacy

Publication number
GB2603686A
Authority
GB
United Kingdom
Prior art keywords
model update
module
local node
determining
current detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB2205042.1A
Other versions
GB202205042D0 (en)
Inventor
Robert Patten Willie Jr
Irving Kelton Eugene
Ma Yi-Hui
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US16/577,774 (US11188320B2)
Priority claimed from US16/577,770 (US11216268B2)
Application filed by International Business Machines Corp
Publication of GB202205042D0
Publication of GB2603686A
Current legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/30 Creation or generation of source code
    • G06F8/35 Creation or generation of source code model driven
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Debugging And Monitoring (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A system for updating detection models comprises at least one local node comprising a monitoring module, a diagnosis module, and an evaluation module. The system receives at least one model update, and analyzes the model update and current models and data present in the local node, and determines if the update should be applied. In some embodiments, a local node can generate a model update for use in other local nodes, while not sharing private data present in the local node.

Claims (35)

1. A computer program product for updating detection models, the computer program product comprising at least one computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to update at least one local node by: receiving, by at least one monitoring module, the model update; determining, by at least one diagnosis module, the current detection models; determining, by at least one evaluation module, if the model update should be applied to the current detection models; determining, by at least one evaluation module, if the local node has permission to apply the model update; and updating, by at least one evaluation module, the current detection models with the model update.
2. The computer program product of claim 1, wherein the program instructions executable by the processor further cause the processor to distribute the model update to at least one local node.
3. The computer program product of claim 2, wherein the model update is distributed to at least two local nodes.
4. The computer program product of claim 2, wherein the model update is distributed to at least one local node by a central module.
5. The computer program product of claim 4, wherein the central module distributes the model update to at least one local node by: receiving, by the central module, the model update; analyzing, by the central module, a database of available models; determining, by the central module, a priority level for the model update; determining, by the central module, which local nodes should receive the model update; and transmitting, by the central module, the model update to at least one local node.
6. The computer program product of claim 5, wherein the database of available models comprises models available to all local nodes.
7. The computer program product of claim 5, wherein the priority level is determined by comparing features of the model update to model information in an existing model database.
8. The computer program product of claim 2, wherein the model update is distributed to at least one local node by another local node.
9. The computer program product of claim 1, wherein the program instructions executable by the processor further cause the processor to create a model update.
10. The computer program product of claim 9, wherein the creation of a model update occurs in a local node.
11. The computer program product of claim 10, wherein the creation of the model update occurs by: detecting, by the diagnosis module, a significant change in system data; determining, by the diagnosis module, a list of all current detection models involved with detecting the significant change; analyzing, by the diagnosis module, the system data involved with detecting the significant change; generating, by the diagnosis module, the model update; and transmitting, by the monitoring module, the model update.
12. The computer program product of claim 11, wherein the generated model update comprises one or more elements selected from the group consisting of: one or more algorithms, creation date and time, number of events detected over given time period, aggregate statistics, and the threshold point or points used to trigger the model update.
13. The computer program product of claim 11, wherein the generated model update does not comprise any system data specific to the local node that generated the model update.
14. The computer program product of claim 11, wherein the monitoring module transmits the model update to a central module outside of the local node.
15. The computer program product of claim 11, wherein the monitoring module transmits the model update to a monitoring module from another local node.
16. A system for updating detection models, comprising: at least one local node comprising: a monitoring module; a diagnosis module; an evaluation module; one or more current detection models; and system data produced by the current detection models; and a memory comprising instructions, which are executed by at least one processor, configured to: receive, by the monitoring module, a model update; determine, by the diagnosis module, the current detection models; determine, by the evaluation module, if the model update should be applied to the current detection models; determine, by the evaluation module, if the local node has permission to apply the model update; and update, by the evaluation module, the current detection models with the model update.
17. The system of claim 16, wherein the system further comprises at least two local nodes.
18. The system of claim 17, wherein the system further comprises a central module, and wherein the monitoring module of each local node is in electronic communication with the central module.
19. The system of claim 18, wherein the system further comprises a database of all available models for the system in electronic communication with the central module.
20. The system of claim 18, wherein the monitoring module is configured to receive model updates.
21. The system of claim 20, wherein the monitoring module can receive a model update from a system administrator or from a local node.
22. The system of claim 17, wherein the instructions are further configured to: detect, by the diagnosis module, a significant change in system data; determine, by the diagnosis module, a list of all current detection models involved with the detection step; analyze, by the diagnosis module, the system data involved with the detection step; generate, by the diagnosis module, the model update; transmit, by the monitoring module, the model update.
23. The system of claim 22, wherein the generated model update comprises one or more elements selected from the group consisting of: one or more algorithms, creation date and time, number of events detected over given time period, aggregate statistics, and the threshold point or points used to trigger the model update.
24. The system of claim 22, wherein the generated model update does not comprise any system data specific to the local node that generated the model update.
25. The system of claim 16, further comprising: at least a second local node; a central module, wherein the monitoring module of each local node is in electronic communication with the central module; and a database of all available models for the system in electronic communication with the central module; and a memory comprising instructions, which are executed by at least one processor, configured to: create a model update, comprising: detecting, by the diagnosis module, a significant change in system data; determining, by the diagnosis module, a list of all current detection models involved with the detection step; analyzing, by the diagnosis module, the system data involved with the detection step; generating, by the diagnosis module, the model update; transmitting, by the monitoring module, the model update; distribute a model update, comprising: receiving, by the central module, the model update; analyzing, by the central module, the database of available models; determining, by the central module, a priority level for the model update; determining, by the central module, which local nodes should receive the model update; and transmitting, by the central module, the model update; and update at least one local node, comprising: receiving, by at least one monitoring module, a model update; determining, by at least one diagnosis module, the current detection models; determining, by at least one evaluation module, if the model update should be applied to the current detection models; determining, by at least one evaluation module, if the local node has permission to apply the model update; and updating, by at least one evaluation module, the current detection models with the model update.
26. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions which are executed by the processor to cause the processor to implement a system updating detection models, the method comprising: updating at least one local node, comprising: receiving, by a monitoring module of at least one local node, a model update; determining, by a diagnosis module of the local node, the current detection models in use by the local node; determining, by an evaluation module of the local node, if the model update should be applied to the current detection models; determining, by the evaluation module of the local node, if the local node has permission to apply the model update; and updating, by the evaluation module of the local node, the current detection models with the model update.
27. The method of claim 26, wherein the method further comprises updating at least two local nodes.
28. The method of claim 27, wherein the method further comprises distributing, by a central module, the model update.
29. The method of claim 28, wherein the method further comprises analyzing, by the central module, a database of available models.
30. The method of claim 28, wherein the method further comprises determining, by the central module, a priority level of the model update.
31. The method of claim 28, wherein the method further comprises determining, by the central module, which local nodes should receive the model update.
32. The method of claim 27, the method further comprises: creating a model update, comprising: detecting, by the diagnosis module, a significant change in system data; determining, by the diagnosis module, a list of all current detection models involved with the detection step; analyzing, by the diagnosis module, the system data involved with the detection step; generating, by the diagnosis module, the model update; transmitting, by the monitoring module, the model update.
33. The method of claim 32, wherein the generated model update comprises one or more elements selected from the group consisting of: one or more algorithms, creation date and time, number of events detected over given time period, aggregate statistics, and the threshold point or points used to trigger the model update.
34. The method of claim 32, wherein the generated model update does not comprise any system data specific to the local node that generated the model update.
35. The method of claim 26, further comprising: creating a model update, comprising: detecting, by the diagnosis module, a significant change in system data; determining, by the diagnosis module, a list of all current detection models involved with detecting the significant change; analyzing, by the diagnosis module, the system data involved with detecting the significant change; generating, by the diagnosis module, the model update; and transmitting, by the monitoring module, the model update; distributing the model update, comprising: receiving, by a central module, the model update; analyzing, by the central module, a database of available models; determining, by the central module, a priority level for the model update; determining, by the central module, which local nodes should receive the model update; and transmitting, by the central module, the model update to at least one local node; and updating at least one local node, comprising: receiving, by at least one monitoring module, the model update; determining, by at least one diagnosis module, the current detection models; determining, by at least one evaluation module, if the model update should be applied to the current detection models; determining, by at least one evaluation module, if the local node has permission to apply the model update; and updating, by at least one evaluation module, the current detection models with the model update.
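
The flow in claims 1 and 11 to 13, as an added sketch that is not code from the patent: one node summarises its local data into an update carrying only the elements claim 12 lists, and a receiving node gates the update on a field allow-list, a permission check and a should-apply check. The key names, the `updatable_models` policy, the "newer than current" rule and the sample events are assumptions; the claims do not specify how either determination is made.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Elements claim 12 lists for a generated update; the key names are assumptions.
ALLOWED_FIELDS = {"model_id", "algorithm", "created", "event_count",
                  "aggregate_stats", "thresholds"}

# Constructed sample of node-local system data; it must never leave the node.
LOCAL_EVENTS = [
    {"user": "alice", "src_ip": "10.0.0.5", "value": 3.0},
    {"user": "bob", "src_ip": "10.0.0.9", "value": 5.0},
    {"user": "alice", "src_ip": "10.0.0.5", "value": 10.0},
]


def build_update(model_id, algorithm, events, threshold, created):
    """Diagnosis-module step: summarise local events without copying them."""
    values = [e["value"] for e in events]
    return {
        "model_id": model_id,
        "algorithm": algorithm,
        "created": created,  # ISO 8601 UTC string, so string order is time order
        "event_count": len(values),
        "aggregate_stats": {"mean": mean(values), "stdev": pstdev(values)},
        "thresholds": [threshold],
    }


@dataclass
class LocalNode:
    updatable_models: set  # hypothetical permission policy for this node
    models: dict = field(default_factory=dict)  # model_id -> applied update

    def evaluate(self, update):
        """Evaluation-module step: return (applied, reason)."""
        # Any key outside the allow-list could carry node-specific data (claim 13).
        if set(update) != ALLOWED_FIELDS:
            odd = sorted(set(update) ^ ALLOWED_FIELDS)
            return False, f"rejected, unexpected or missing fields: {odd}"
        if update["model_id"] not in self.updatable_models:
            return False, "rejected, node lacks permission for this model"
        current = self.models.get(update["model_id"])
        if current and current["created"] >= update["created"]:
            return False, "rejected, current model is as new or newer"
        self.models[update["model_id"]] = update
        return True, "applied"


if __name__ == "__main__":
    node = LocalNode(updatable_models={"login-anomaly"})
    upd = build_update("login-anomaly", "zscore", LOCAL_EVENTS, 3.0,
                       "2020-09-15T00:00:00+00:00")
    print(node.evaluate(upd))                                  # applied
    print(node.evaluate(dict(upd, raw_events=LOCAL_EVENTS)))   # rejected
```

Checking the key set for equality rather than for a subset also rejects truncated updates, so a receiving node never applies a model whose thresholds or creation time are missing.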
GB2205042.1A 2019-09-20 2020-09-15 Updating detection models and maintaining data privacy Withdrawn GB2603686A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/577,774 US11188320B2 (en) 2019-09-20 2019-09-20 Systems and methods for updating detection models and maintaining data privacy
US16/577,770 US11216268B2 (en) 2019-09-20 2019-09-20 Systems and methods for updating detection models and maintaining data privacy
PCT/IB2020/058564 WO2021053509A1 (en) 2019-09-20 2020-09-15 Updating detection models and maintaining data privacy

Publications (2)

Publication Number Publication Date
GB202205042D0 GB202205042D0 (en) 2022-05-18
GB2603686A GB2603686A (en) 2022-08-10

Family

ID=74884596

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2205042.1A Withdrawn GB2603686A (en) 2019-09-20 2020-09-15 Updating detection models and maintaining data privacy

Country Status (5)

Country Link
JP (1) JP2022548945A (en)
CN (1) CN114424164A (en)
DE (1) DE112020003693T5 (en)
GB (1) GB2603686A (en)
WO (1) WO2021053509A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150326597A1 (en) * 2006-11-15 2015-11-12 Gabriela F. Ciocarlie Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models
CN106610854A (en) * 2015-10-26 2017-05-03 阿里巴巴集团控股有限公司 Model update method and device
CN107229966A (en) * 2016-03-25 2017-10-03 阿里巴巴集团控股有限公司 A kind of model data update method, apparatus and system
CN108921301A (en) * 2018-06-29 2018-11-30 长扬科技(北京)有限公司 A kind of machine learning model update method and system based on self study

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160294614A1 (en) * 2014-07-07 2016-10-06 Symphony Teleca Corporation Remote Embedded Device Update Platform Apparatuses, Methods and Systems
US10387794B2 (en) * 2015-01-22 2019-08-20 Preferred Networks, Inc. Machine learning with model filtering and model mixing for edge devices in a heterogeneous environment
US9699205B2 (en) * 2015-08-31 2017-07-04 Splunk Inc. Network security system
US20170357910A1 (en) * 2016-06-10 2017-12-14 Apple Inc. System for iteratively training an artificial intelligence using cloud-based metrics

Also Published As

Publication number Publication date
WO2021053509A1 (en) 2021-03-25
GB202205042D0 (en) 2022-05-18
JP2022548945A (en) 2022-11-22
DE112020003693T5 (en) 2022-04-21
CN114424164A (en) 2022-04-29

Similar Documents

Publication Publication Date Title
US11190425B2 (en) Anomaly detection in a network based on a key performance indicator prediction model
US9558347B2 (en) Detecting anomalous user behavior using generative models of user actions
US9804951B2 (en) Quantization of data streams of instrumented software
EP3243135B1 (en) Rule based continuous drift and consistency management for complex systems
GB2434670B (en) Monitoring and management of distributed information systems
US20120304288A1 (en) Modeling and Outlier Detection in Threat Management System Data
GB2579934A (en) Deferred update of database hashcode in blockchain
US20160057164A1 (en) Device for quantifying vulnerability of system and method therefor
CN103532949A (en) Self-adaptive trojan communication behavior detection method on basis of dynamic feedback
Moshtaghi et al. An adaptive elliptical anomaly detection model for wireless sensor networks
CN104158748A (en) Topology detection method based on cloud computing network
US8180716B2 (en) Method and device for forecasting computational needs of an application
CN110460608A (en) A kind of Situation Awareness method and system comprising association analysis
CN110474904A (en) A kind of Situation Awareness method and system improving prediction
CN114155083A (en) Transaction detection method, device and equipment based on block chain and readable storage medium
US11568056B2 (en) Methods and apparatuses for vulnerability detection and maintenance prediction in industrial control systems using hash data analytics
EP4008087A1 (en) Methods and devices for tracking and measuring proof-of-work contributions in a mining pool
US20170346834A1 (en) Relating to the monitoring of network security
CN108762734A (en) A kind of generation method and system of the software development scheme based on big data
GB2603686A (en) Updating detection models and maintaining data privacy
CN108027760B (en) Method and system for monitoring data storage device
CN110493217A (en) A kind of distributed Situation Awareness method and system
CN108768774B (en) Quantitative network security evaluation method and system
CN110493044A (en) A kind of method and system of quantifiable Situation Awareness
GB2608194A (en) Behavior modeling using client-hosted neural networks

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)