Model workflow control in a distributed computation system
Abstract
A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
30 Claims
1. A computer-implemented method comprising:
- obtaining, from a model registry, a model type definition that includes a reference to a processing mode specifier of a model workflow, the processing mode specifier identifying at least a real-time processing mode or a batch processing mode;
- implementing a model execution engine in a distributed computation system to utilize machine learning models to detect computer security related anomalies or threats in a computer network, wherein models are assigned to corresponding instances of the model execution engine based on information in the model registry;
- assigning the model workflow to the distributed computation system based on the processing mode specifier; and
- scheduling, according to the model workflow, a model processing thread that corresponds to a model processing logic in the distributed computation system.
29. A system comprising:
- a distributed computation system;
- a model registry configured to store a model type definition including a reference to a processing mode specifier of a model workflow, the processing mode specifier identifying at least one of a real-time processing mode or a batch processing mode; and
- a model execution engine implemented on the distributed computation system to utilize machine learning models to detect computer security related anomalies or threats in a computer network, wherein models are assigned to corresponding instances of the model execution engine based on information in the model registry;
- wherein the model execution engine is configured to:
  - assign the model workflow to the distributed computation system based on the processing mode specifier; and
  - schedule, according to the model workflow, a model processing thread that corresponds to a model processing logic in the distributed computation system.
30. A non-transitory computer readable medium storing instructions thereon which, when executed by a processor, cause the processor to:
- obtain, from a model registry, a model type definition that includes a reference to a processing mode specifier of a model workflow, the processing mode specifier identifying at least a real-time processing mode or a batch processing mode;
- implement a model execution engine in a distributed computation system to utilize machine learning models to detect computer security related anomalies or threats in a computer network, wherein models are assigned to corresponding instances of the model execution engine based on information in the model registry;
- assign the model workflow to the distributed computation system based on the processing mode specifier; and
- schedule, according to the model workflow, a model processing thread that corresponds to a model processing logic in the distributed computation system.