DISTRIBUTED DETECTION WITH DIAGNOSIS

US 20080103729A1
Filed: 10/31/2006
Published: 05/01/2008
Est. Priority Date: 10/31/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for distributed anomaly diagnosis, comprising:

detecting an anomaly at a first computer on a network;

querying an activity model at the first computer to determine the source of the anomaly;

determining a second computer that the first computer receives data from; and

querying an activity model of the second computer to determine the source of the anomaly; and

combining the results from the activity models to create a report indicating a probable cause of the anomaly.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Activity models are maintained on a plurality of computers on a network. When a user or a particular activity model at a computer discovers an error, it may query its own activity model to determine a possible source of the error. If it is determined to not be the likely source of the error, the activity model queries the activity models of those computers on the network that it depends on. These activity models may then query the activity models of the computers that their particular host computer depends on and so forth. Ultimately the results of these activity model queries may be used to diagnose the likely source of the error and may be presented to the requesting user as a report.

Citations

18 Claims

1. A method for distributed anomaly diagnosis, comprising:
- detecting an anomaly at a first computer on a network;
  
  querying an activity model at the first computer to determine the source of the anomaly;
  
  determining a second computer that the first computer receives data from; and
  
  querying an activity model of the second computer to determine the source of the anomaly; and
  
  combining the results from the activity models to create a report indicating a probable cause of the anomaly.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9)
- - 3. The method of claim 1, wherein the anomaly is detected by an activity model.
  - 4. The method of claim 1, wherein the anomaly is detected by a user.
  - 5. The method of claim 1, further comprising determining a third computer that the second computer receives data from, and querying an activity model of the third computer to determine the source of the problem.
  - 6. The method of claim 1, wherein querying the activity model comprises collecting a window of input and output data from the computer, and querying the activity model with the window of input and output data.
  - 7. The method of claim 6, wherein the input and output data comprises packets.
  - 8. The method of claim 1, wherein determining a second computer that the first computer receives data from comprises querying the activity model to determine a computer that the first computer receives packets from.
  - 9. The method of claim 1, wherein the detected anomaly is a service error, and the queried activity model comprises an activity model specific to the service associated with the error.

2. (canceled)

10. A method for diagnosing system failures using an activity model, comprising:
- maintaining a buffer of the most recent data send to and from a host computer;
  
  detecting a system failure by the host computer; and
  
  querying an activity model associated with the host computer using the buffer of data.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein the data comprises packet data.
  - 12. The method of claim 10, wherein the host computer is part of a network of computers wherein each of the computers has an associated activity model and maintains a buffer of the most recent data received and sent from the computer, and further comprising:
    - determining the computers that the host computer is connected to; and
      
      querying the activity models of the determined connected computers with their respective buffer of data.
  - 13. The method of claim 12, wherein determining the computers that the host computer is connected to comprises determining the computers that the host computer sends or receives packets from.
  - 14. The method of claim 12, wherein determining the computers that the host computer is connected to comprises querying the activity model to determine the computers that the host computer receives the most packets from.
  - 15. The method of claim 10, wherein the system failure is associated with a particular service, and further comprising querying a service specific activity model associated with the host computer using the buffer of data.

16. A method of determining the effect of a change in a computer system, comprising:
- selecting a service to modify in a computer system;
  
  querying an activity model associated with the computer system to determine other services and other computers that are dependent on the selected service; and
  
  generating a report including the determined other services and other computers that are dependent on the selected service.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the determined other computers have associated activity models, and further comprising querying the associated activity models of the determined other computers to determine other services and other computers that may be dependent on the selected service.
  - 18. The method of claim 16, wherein the generated report includes the probability that a particular computer or service will be affected by the selected service modification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Goldszmidt, Moises, Black, Richard, Mortier, Richard, MacCormick, John, Isaacs, Rebecca, Barham, Paul

Application Number

US11/554,980
Publication Number

US 20080103729A1
Time in Patent Office

Days
Field of Search
US Class Current

702/183
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 41/147   for predicting network beha...

H04L 41/16   using machine learning or a...

H04L 43/0811   by checking connectivity

DISTRIBUTED DETECTION WITH DIAGNOSIS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTED DETECTION WITH DIAGNOSIS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links