JPWO2020214587A5 - - Google Patents

Download PDF

Info

Publication number
JPWO2020214587A5
JPWO2020214587A5 JP2021561804A JP2021561804A JPWO2020214587A5 JP WO2020214587 A5 JPWO2020214587 A5 JP WO2020214587A5 JP 2021561804 A JP2021561804 A JP 2021561804A JP 2021561804 A JP2021561804 A JP 2021561804A JP WO2020214587 A5 JPWO2020214587 A5 JP WO2020214587A5
Authority
JP
Japan
Prior art keywords
action
count
actions
determining whether
act
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2021561804A
Other languages
Japanese (ja)
Other versions
JP7539408B2 (en
JP2022529655A (en
Publication date
Priority claimed from US16/750,874 external-priority patent/US11757906B2/en
Application filed filed Critical
Publication of JP2022529655A publication Critical patent/JP2022529655A/en
Publication of JPWO2020214587A5 publication Critical patent/JPWO2020214587A5/ja
Application granted granted Critical
Publication of JP7539408B2 publication Critical patent/JP7539408B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Claims (20)

クラウド環境における異常なユーザ行動を検出する方法であって、
クラウド環境において現在の時間間隔中に取られたアクションのカウントを受取るステップと、
ピアグループにわたって前記アクションが取られた場合、前記アクションの前記カウントが、前の時間の統計的特徴付けよりも閾値量を超える分だけ大きいかどうかを判断するステップと、
前記アクションがアウトライアを表わすかどうかを判断するステップと、
前記アクションがアウトライアを表わすかどうかの判断に基づいてアラートを生成するステップとを含む、方法。 A method for detecting anomalous user behavior in a cloud environment, comprising:
receiving a count of actions taken during the current time interval in the cloud environment;
if the action is taken across peer groups, determining whether the count of the action is greater than a statistical characterization of the previous time by more than a threshold amount;
determining whether the action represents an outlier;
and generating an alert based on determining whether the action represents an outlier. 前記現在の時間間隔中に取られる前記アクションの前記カウントは、単一のユーザによって実行される単一のアクションタイプのカウントを含む、請求項1に記載の方法。 2. The method of claim 1, wherein the count of actions taken during the current time interval includes a count of single action types performed by a single user. 前記現在の時間間隔中に取られる前記アクションの前記カウントは、単一のリソースに対して実行される単一のアクションタイプのカウントを含む、請求項1または2に記載の方法。 3. A method according to claim 1 or 2 , wherein said count of said actions taken during said current time interval comprises a count of a single action type performed on a single resource. 前記現在の時間間隔中に記録されたアクションログから、単一のユーザにより、または単一のリソース上で、複数のアクションを集計することによって、前記現在の時間間隔中に取られた前記アクションの前記カウントを生成するステップをさらに含む、請求項1~3のいずれか1項に記載の方法。 of the actions taken during the current time interval by aggregating multiple actions by a single user or on a single resource from action logs recorded during the current time interval; A method according to any one of claims 1 to 3 , further comprising the step of generating said count. 前記閾値量は、前記アクションが前記ピアグループにわたって取られた場合、前記前の時間の前記統計的特徴付けを上回る予め定められた数の標準偏差を含む、請求項1~4のいずれか1項に記載の方法。 5. Any one of claims 1 to 4, wherein said threshold amount comprises a predetermined number of standard deviations above said statistical characterization of said previous time when said action was taken across said peer group. The method described in . 前記アクションの前記カウントが閾値量を超える分だけ大きいかどうかを判断するステップは、
前記アクションの前記カウントおよび前記アクションのタイプをニューラルネットワークに提供するステップと、
前記アクションがアウトライアを表わすかどうかを示す出力を前記ニューラルネットワークから受取るステップとを含む、請求項1~5のいずれか1項に記載の方法。 determining whether the count of the actions is greater than a threshold amount;
providing the count of the actions and the type of the action to a neural network;
receiving an output from the neural network indicating whether the action represents an outlier. 前記ニューラルネットワークは、前記アクションの前記カウント、前記アクションの前記タイプ、および前記アラートに対する応答を用いてトレーニングされる、請求項6に記載の方法。 7. The method of claim 6, wherein said neural network is trained with said count of said actions, said type of said actions, and responses to said alerts. 1つ以上のプロセッサによって実行されると前記1つ以上のプロセッサに動作を実行させる命令を含むコンピュータプログラムであって、前記動作は、
クラウド環境において現在の時間間隔中に取られたアクションのカウントを受取る動作と、
ピアグループにわたって前記アクションが取られた場合、前記アクションの前記カウントが、前の時間の統計的特徴付けよりも閾値量を超える分だけ大きいかどうかを判断する動作と、
前記アクションがアウトライアを表わすかどうかを判断する動作と、
前記アクションがアウトライアを表わすかどうかの判断に基づいてアラートを生成する動作とを含む、コンピュータプログラム A computer program comprising instructions that, when executed by one or more processors, causes the one or more processors to perform an action, the action comprising:
an act of receiving a count of actions taken during a current time interval in a cloud environment;
an act of determining whether, if the action was taken across a peer group, the count of the action is greater than a statistical characterization of a previous time by more than a threshold amount;
an act of determining whether the action represents an outlier;
generating an alert based on determining whether the action represents an outlier. 前記動作はさらに、
前記クラウド環境における複数の前の時間間隔中に取られたアクションを表わす第1のベクトルを算出する動作と、
前記第1のベクトルと、現在の時間間隔中に取られたアクションのカウントを含む第2のベクトルとの間の類似度を算出する動作とを含み、前記第2のベクトルは前記アクションの前記カウントも含み、前記動作はさらに、
1つ以上の異常アクションが発生したかどうかを判断するために、前記類似度をベースライン閾値と比較する動作と、
前記1つ以上の異常アクションが前記クラウド環境において発生したという判断に少なくとも部分的に基づいてアラートを生成する動作とを含む、請求項8に記載のコンピュータプログラムSaid operation further comprises:
an act of calculating a first vector representing actions taken during a plurality of previous time intervals in the cloud environment;
calculating a similarity between said first vector and a second vector comprising counts of actions taken during a current time interval, said second vector being said counts of said actions. also comprising:
an act of comparing the similarity measure to a baseline threshold to determine if one or more anomalous actions have occurred;
generating an alert based, at least in part, on determining that the one or more anomalous actions have occurred in the cloud environment. 前記類似度はコサイン類似度を用いて算出される、請求項9に記載のコンピュータプログラム10. The computer program product of claim 9, wherein the similarity is calculated using cosine similarity. 前記第1のベクトルにおける各エントリは、前記複数の前の時間間隔中の平均イベントスコアを含む、請求項9または10に記載のコンピュータプログラム11. The computer program product of claim 9 or 10 , wherein each entry in said first vector contains an average event score during said plurality of previous time intervals. 前記複数の前の時間間隔の各々は1日を含む、請求項9~11のいずれか1項に記載のコンピュータプログラム A computer program according to any one of claims 9 to 11, wherein each of said plurality of previous time intervals comprises one day. 前記複数の前の時間間隔は複数の日のスライディング窓を含み、前記複数の日のスライディング窓は、各時間間隔の後に、前記現在の時間間隔を前記複数の日のスライディング窓に追加し、前記複数の日のスライディング窓から最も古い時間間隔を除去する、請求項9~12のいずれか1項に記載のコンピュータプログラムThe plurality of previous time intervals includes a sliding window of days, the sliding window of days adding the current time interval to the sliding window of days after each time interval, and Computer program according to any one of claims 9 to 12 , for removing the oldest time intervals from a sliding window of multiple days. 前記第1のベクトルは、前記複数の前の時間間隔の各々に関するイベントカウントのヒストグラムを格納することによって、前記複数の前の時間間隔中に取られたアクションを表わす、請求項9~13のいずれか1項に記載のコンピュータプログラム 14. Any one of claims 9 to 13, wherein the first vector represents actions taken during the plurality of previous time intervals by storing a histogram of event counts for each of the plurality of previous time intervals. or a computer program according to claim 1 . システムであって、
1つ以上のプロセッサと、
前記1つ以上のプロセッサによって実行されると前記1つ以上のプロセッサに動作を実行させる命令を含む1つ以上のメモリデバイスとを含み、前記動作は、
クラウド環境において現在の時間間隔中に取られたアクションのカウントを受取る動作と、
ピアグループにわたって前記アクションが取られた場合、前記アクションの前記カウントが、前の時間の統計的特徴付けよりも閾値量を超える分だけ大きいかどうかを判断する動作と、
前記アクションがアウトライアを表わすかどうかを判断する動作と、
前記アクションがアウトライアを表わすかどうかの判断に基づいてアラートを生成する動作とを含む、システム。 a system,
one or more processors;
and one or more memory devices containing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations, the operations comprising:
an act of receiving a count of actions taken during a current time interval in a cloud environment;
an act of determining whether, if the action was taken across a peer group, the count of the action is greater than a statistical characterization of a previous time by more than a threshold amount;
an act of determining whether the action represents an outlier;
generating an alert based on determining whether the action represents an outlier. 前記アクションがアウトライアを表わすかどうかを判断する動作は、
前記アクションの前記カウントが、前記アクションについてのスケールファクタを乗じたアクションカウントのグローバル平均よりも大きいかどうかに関する第2の判断を実行する動作を含む、請求項15に記載のシステム。 The act of determining whether the action represents an outlier comprises:
16. The system of claim 15, comprising the act of performing a second determination as to whether the count for the action is greater than a global average of action counts multiplied by a scale factor for the action. 前記アクションがアウトライアを表わすかどうかを判断する動作は、
前記スケールファクタを、アクションカウントの前記グローバル平均に対するアクションカウントのローカル平均の比として算出する動作を含む、請求項16に記載のシステム
The act of determining whether the action represents an outlier comprises:
17. The system of claim 16, comprising calculating the scale factor as a ratio of a local average of action counts to the global average of action counts. 前記アクションがアウトライアを表わすかどうかを判断する動作は、
前記スケールファクタが前記アクションについての既存のスケールファクタよりも大きい場合、前記既存のスケールファクタを置換する動作を含む、請求項17に記載のシステム。 The act of determining whether the action represents an outlier comprises:
18. The system of claim 17, comprising replacing the existing scale factor if the scale factor is greater than an existing scale factor for the action. 前記アクションは、特定のユーザによって送信されるいくつかの電子メールを含む、請求項15~18のいずれか1項に記載のシステム。 A system according to any one of claims 15 to 18 , wherein said actions comprise several emails sent by a particular user. 前記アクションは、特定のユーザによって作成されるいくつかのフォルダを含む、請求項15~19のいずれか1項に記載のシステム。 A system according to any one of claims 15 to 19 , wherein said actions include a number of folders created by a particular user.
JP2021561804A 2019-04-18 2020-04-14 Detecting Cloud User Behavior Anomalies Regarding Outlier Actions Active JP7539408B2 (en)

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
US201962835983P 2019-04-18 2019-04-18
US201962835993P 2019-04-18 2019-04-18
US201962835980P 2019-04-18 2019-04-18
US62/835,983 2019-04-18
US62/835,993 2019-04-18
US62/835,980 2019-04-18
US16/750,874 2020-01-23
US16/750,874 US11757906B2 (en) 2019-04-18 2020-01-23 Detecting behavior anomalies of cloud users for outlier actions
PCT/US2020/028108 WO2020214587A1 (en) 2019-04-18 2020-04-14 Detecting behavior anomalies of cloud users for outlier actions

Publications (3)

Publication Number Publication Date
JP2022529655A JP2022529655A (en) 2022-06-23
JPWO2020214587A5 true JPWO2020214587A5 (en) 2023-04-14
JP7539408B2 JP7539408B2 (en) 2024-08-23

Family

ID=72832113

Family Applications (2)

Application Number Title Priority Date Filing Date
JP2021561816A Pending JP2022529467A (en) 2019-04-18 2020-04-14 Detection of cloud user behavioral abnormalities
JP2021561804A Active JP7539408B2 (en) 2019-04-18 2020-04-14 Detecting Cloud User Behavior Anomalies Regarding Outlier Actions

Family Applications Before (1)

Application Number Title Priority Date Filing Date
JP2021561816A Pending JP2022529467A (en) 2019-04-18 2020-04-14 Detection of cloud user behavioral abnormalities

Country Status (5)

Country Link
US (3) US11288111B2 (en)
EP (2) EP3957048A1 (en)
JP (2) JP2022529467A (en)
CN (2) CN113940034B (en)
WO (2) WO2020214585A1 (en)

Families Citing this family (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11288111B2 (en) 2019-04-18 2022-03-29 Oracle International Corporation Entropy-based classification of human and digital entities
DE102019210227A1 (en) * 2019-07-10 2021-01-14 Robert Bosch Gmbh Device and method for anomaly detection in a communication network
US12088473B2 (en) 2019-10-23 2024-09-10 Aryaka Networks, Inc. Method, device and system for enhancing predictive classification of anomalous events in a cloud-based application acceleration as a service environment
US12095639B2 (en) 2019-10-23 2024-09-17 Aryaka Networks, Inc. Method, device and system for improving performance of point anomaly based data pattern change detection associated with network entity features in a cloud-based application acceleration as a service environment
US12050689B2 (en) * 2019-11-22 2024-07-30 Pure Storage, Inc. Host anomaly-based generation of snapshots
US11611576B2 (en) * 2019-12-11 2023-03-21 GE Precision Healthcare LLC Methods and systems for securing an imaging system
US11637910B2 (en) * 2020-08-20 2023-04-25 Zscaler, Inc. Cloud access security broker systems and methods with an in-memory data store
US11222134B2 (en) 2020-03-04 2022-01-11 Sotero, Inc. System and methods for data encryption and application-agnostic querying of encrypted data
US11734121B2 (en) * 2020-03-10 2023-08-22 EMC IP Holding Company LLC Systems and methods to achieve effective streaming of data blocks in data backups
US20220046406A1 (en) * 2020-08-07 2022-02-10 Nokia Technologies Oy Problem mitigation in subscriber profile management
US11979473B2 (en) 2020-08-20 2024-05-07 Zscaler, Inc. Cloud access security broker systems and methods with an in-memory data store
CN112016701B (en) * 2020-09-09 2023-09-15 四川大学 Abnormal change detection method and system integrating time sequence and attribute behaviors
US11609704B2 (en) * 2020-10-14 2023-03-21 Netapp, Inc. Visualization of outliers in a highly-skewed distribution of telemetry data
CN114546754A (en) * 2020-11-26 2022-05-27 北京四维图新科技股份有限公司 Automatic intelligent monitoring method and system and map data cloud platform
CN112783682B (en) * 2021-02-01 2022-02-22 福建多多云科技有限公司 Abnormal automatic repairing method based on cloud mobile phone service
US11714997B2 (en) * 2021-03-17 2023-08-01 Paypal, Inc. Analyzing sequences of interactions using a neural network with attention mechanism
US20220345457A1 (en) * 2021-04-22 2022-10-27 Microsoft Technology Licensing, Llc Anomaly-based mitigation of access request risk
JP7567070B2 (en) 2021-05-20 2024-10-15 ネットスコープ, インク. Confidence scoring of user compliance with organizational security policies
WO2022248892A1 (en) * 2021-05-26 2022-12-01 Citrix Systems, Inc. Reconstructing execution call flows to detect anomalies
US11210155B1 (en) * 2021-06-09 2021-12-28 International Business Machines Corporation Performance data analysis to reduce false alerts in a hybrid cloud environment
US20220400127A1 (en) * 2021-06-09 2022-12-15 Microsoft Technology Licensing, Llc Anomalous user activity timing determinations
US11501013B1 (en) * 2021-07-09 2022-11-15 Sotero, Inc. Autonomous machine learning methods for detecting and thwarting malicious database access
US20230040648A1 (en) * 2021-08-03 2023-02-09 Data Culpa, Inc. String entropy in a data pipeline
US11818219B2 (en) * 2021-09-02 2023-11-14 Paypal, Inc. Session management system
CN114764946B (en) * 2021-09-18 2023-08-11 北京甲板智慧科技有限公司 Action counting method and system based on time sequence standardization and intelligent terminal
US20230186221A1 (en) * 2021-12-14 2023-06-15 Fmr Llc Systems and methods for job role quality assessment
CN114513435B (en) * 2022-01-14 2024-08-27 深信服科技股份有限公司 Method for detecting VPN tunnel, electronic device and storage medium
US11663325B1 (en) * 2022-04-05 2023-05-30 Cyberark Software Ltd. Mitigation of privilege escalation
US20230379346A1 (en) * 2022-05-18 2023-11-23 Microsoft Technology Licensing, Llc Threat detection for cloud applications
US11743280B1 (en) * 2022-07-29 2023-08-29 Intuit Inc. Identifying clusters with anomaly detection
US20240080186A1 (en) * 2022-09-07 2024-03-07 Google Llc Random Trigger for Automatic Key Rotation
US12032694B2 (en) 2022-09-14 2024-07-09 Sotero, Inc. Autonomous machine learning methods for detecting and thwarting ransomware attacks
CN115223104B (en) * 2022-09-14 2022-12-02 深圳市睿拓新科技有限公司 Method and system for detecting illegal operation behaviors based on scene recognition
US20240232392A9 (en) * 2022-10-21 2024-07-11 Microsoft Technology Licensing, Llc Access decision management system for digital resources
WO2024144778A1 (en) * 2022-12-29 2024-07-04 Varonis Systems, Inc. Indicators of compromise of access

Family Cites Families (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4135034C2 (en) * 1991-10-23 1995-04-13 Deutsche Forsch Luft Raumfahrt Device for controlling the orbit of at least two co-positioned geostationary satellites
US7657935B2 (en) * 2001-08-16 2010-02-02 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US7191119B2 (en) * 2002-05-07 2007-03-13 International Business Machines Corporation Integrated development tool for building a natural language understanding application
CA2531410A1 (en) 2005-12-23 2007-06-23 Snipe Network Security Corporation Behavioural-based network anomaly detection based on user and group profiling
US8204982B2 (en) 2006-09-14 2012-06-19 Quova, Inc. System and method of middlebox detection and characterization
US9609015B2 (en) 2008-05-28 2017-03-28 Zscaler, Inc. Systems and methods for dynamic cloud-based malware behavior analysis
US8566956B2 (en) 2010-06-23 2013-10-22 Salesforce.Com, Inc. Monitoring and reporting of data access behavior of authorized database users
KR20120105759A (en) 2011-03-16 2012-09-26 한국전자통신연구원 Malicious code visualization apparatus, apparatus and method for detecting malicious code
US8621586B1 (en) 2011-09-28 2013-12-31 Emc Corporation Using baseline profiles in adaptive authentication
US8830057B1 (en) 2012-02-09 2014-09-09 Google Inc. Systems and methods for using robots to monitor environmental conditions in an environment
CN103338188B (en) * 2013-06-08 2016-02-10 北京大学 A kind of dynamic authentication method of client side being applicable to mobile cloud
FR3024260B1 (en) * 2014-07-25 2016-07-29 Suez Environnement METHOD FOR DETECTING ANOMALIES IN A DISTRIBUTION NETWORK, ESPECIALLY DRINKING WATER
US9805193B1 (en) * 2014-12-18 2017-10-31 Palo Alto Networks, Inc. Collecting algorithmically generated domains
US9807086B2 (en) * 2015-04-15 2017-10-31 Citrix Systems, Inc. Authentication of a client device based on entropy from a server or other device
US9917852B1 (en) 2015-06-29 2018-03-13 Palo Alto Networks, Inc. DGA behavior detection
RU2617631C2 (en) 2015-09-30 2017-04-25 Акционерное общество "Лаборатория Касперского" Method for detection working malicious software runned from client, on server
NL2015680B1 (en) 2015-10-29 2017-05-31 Opt/Net Consulting B V Anomaly detection in a data stream.
CN105677538B (en) 2016-01-11 2018-01-26 中国科学院软件研究所 A kind of cloud computing system self-adaptive monitoring method based on failure predication
EP3427437A4 (en) * 2016-03-10 2019-10-23 Telefonaktiebolaget LM Ericsson (PUBL) Ddos defence in a packet-switched network
US10372910B2 (en) * 2016-06-20 2019-08-06 Jask Labs Inc. Method for predicting and characterizing cyber attacks
US10140260B2 (en) 2016-07-15 2018-11-27 Sap Se Intelligent text reduction for graphical interface elements
US10715533B2 (en) 2016-07-26 2020-07-14 Microsoft Technology Licensing, Llc. Remediation for ransomware attacks on cloud drive folders
US10045218B1 (en) 2016-07-27 2018-08-07 Argyle Data, Inc. Anomaly detection in streaming telephone network data
US10075463B2 (en) 2016-09-09 2018-09-11 Ca, Inc. Bot detection system based on deep learning
KR102464390B1 (en) 2016-10-24 2022-11-04 삼성에스디에스 주식회사 Method and apparatus for detecting anomaly based on behavior analysis
JP2018081655A (en) 2016-11-18 2018-05-24 富士通株式会社 Unauthorized operation monitoring device, unauthorized operation monitoring method, unauthorized operation monitoring program, and unauthorized operation monitoring system
US10320819B2 (en) 2017-02-27 2019-06-11 Amazon Technologies, Inc. Intelligent security management
CN107302547B (en) * 2017-08-21 2021-07-02 深信服科技股份有限公司 Web service anomaly detection method and device
CN108334530B (en) 2017-08-24 2021-12-07 平安普惠企业管理有限公司 User behavior information analysis method, device and storage medium
US20190109870A1 (en) 2017-09-14 2019-04-11 Commvault Systems, Inc. Ransomware detection and intelligent restore
US10678692B2 (en) * 2017-09-19 2020-06-09 Intel Corporation Method and system for coordinating baseline and secondary prefetchers
US10623429B1 (en) * 2017-09-22 2020-04-14 Amazon Technologies, Inc. Network management using entropy-based signatures
US11637844B2 (en) * 2017-09-28 2023-04-25 Oracle International Corporation Cloud-based threat detection
US20190102361A1 (en) 2017-09-29 2019-04-04 Linkedin Corporation Automatically detecting and managing anomalies in statistical models
US10735457B2 (en) * 2017-10-03 2020-08-04 Microsoft Technology Licensing, Llc Intrusion investigation
US10417335B2 (en) 2017-10-10 2019-09-17 Colossio, Inc. Automated quantitative assessment of text complexity
CN108040067B (en) 2017-12-26 2021-07-06 北京星河星云信息技术有限公司 Cloud platform intrusion detection method, device and system
CN108564592B (en) * 2018-03-05 2021-05-11 华侨大学 Image segmentation method based on dynamic multi-population integration differential evolution algorithm
CN108334875A (en) * 2018-04-26 2018-07-27 南京邮电大学 Vena characteristic extracting method based on adaptive multi-thresholding
US11055411B2 (en) 2018-05-10 2021-07-06 Acronis International Gmbh System and method for protection against ransomware attacks
US11555699B2 (en) * 2018-05-24 2023-01-17 Nextnav, Llc Systems and methods for determining when an estimated altitude of a mobile device can be used for calibration or location determination
US11030322B2 (en) * 2018-10-24 2021-06-08 International Business Machines Corporation Recommending the most relevant and urgent vulnerabilities within a security management system
US11687761B2 (en) * 2018-12-11 2023-06-27 Amazon Technologies, Inc. Improper neural network input detection and handling
US11470110B2 (en) 2019-02-08 2022-10-11 Imperva, Inc. Identifying and classifying community attacks
US20220126878A1 (en) 2019-03-29 2022-04-28 Intel Corporation Autonomous vehicle system
US11288111B2 (en) 2019-04-18 2022-03-29 Oracle International Corporation Entropy-based classification of human and digital entities

Similar Documents

Publication Publication Date Title
JPWO2020214587A5 (en)
US11151014B2 (en) System operational analytics using additional features for health score computation
JPWO2020214585A5 (en)
US10592308B2 (en) Aggregation based event identification
US10242087B2 (en) Cluster evaluation in unsupervised learning of continuous data
US10419269B2 (en) Anomaly detection
CN107301118B (en) A kind of fault indices automatic marking method and system based on log
US8468161B2 (en) Determining a seasonal effect in temporal data
JP6714152B2 (en) Analytical apparatus, analytical method and analytical program
CN112882796A (en) Abnormal root cause analysis method and apparatus, and storage medium
CN113535454B (en) Log data anomaly detection method and device
US10705940B2 (en) System operational analytics using normalized likelihood scores
Chandolikar et al. Efficient algorithm for intrusion attack classification by analyzing KDD Cup 99
US12001546B2 (en) Systems and methods for causality-based multivariate time series anomaly detection
US10733514B1 (en) Methods and apparatus for multi-site time series data analysis
CN113515434A (en) Abnormity classification method, abnormity classification device, abnormity classification equipment and storage medium
CN110796591A (en) GPU card using method and related equipment
CN107085544B (en) System error positioning method and device
CN114416410A (en) Anomaly analysis method and device and computer-readable storage medium
CN115858606A (en) Method, device and equipment for detecting abnormity of time series data and storage medium
CN111783883A (en) Abnormal data detection method and device
CN108073464A (en) A kind of time series data abnormal point detecting method and device based on speed and acceleration
CN111768219B (en) Advertisement crowd experiment method, device and storage medium
CN114756401B (en) Abnormal node detection method, device, equipment and medium based on log
CN111309706A (en) Model training method and device, readable storage medium and electronic equipment