Systems, Methods, and Media for Outputting Data Based Upon Anomaly Detection
First Claim
1. A method for outputting data based on anomaly detection, comprising:
- receiving a known-good dataset;
- storing distinct n-grams from the known-good dataset to form a binary anomaly detection model;
- receiving known-good new n-grams;
- computing a rate of receipt of distinct n-grams in the new n-grams;
- determining whether further training of the anomaly detection model is necessary based on the rate of receipt on distinct n-grams;
- using the binary anomaly detection model to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Abstract
Systems, methods, and media for outputting data based on anomaly detection are provided. In some embodiments, methods for outputting data based on anomaly detection include: receiving a known-good dataset; storing distinct n-grams from the known-good dataset to form a binary anomaly detection model; receiving known-good new n-grams; computing a rate of receipt of distinct n-grams in the new n-grams; determining whether further training of the anomaly detection model is necessary based on the rate of receipt on distinct n-grams; using the binary anomaly detection model to determine whether an input dataset contains an anomaly; and outputting the input dataset based on whether the input dataset contains an anomaly.
354 Citations
75 Claims
1. A method for outputting data based on anomaly detection, comprising:
- receiving a known-good dataset;
- storing distinct n-grams from the known-good dataset to form a binary anomaly detection model;
- receiving known-good new n-grams;
- computing a rate of receipt of distinct n-grams in the new n-grams;
- determining whether further training of the anomaly detection model is necessary based on the rate of receipt on distinct n-grams;
- using the binary anomaly detection model to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 2, 3, 4, 5
6. A method for outputting data based on anomaly detection, comprising:
- receiving known anomaly signatures;
- generating n-grams of different sizes using the known anomaly signatures;
- storing abnormal n-grams in the n-grams of different sizes in a binary anomaly detection model;
- using the binary anomaly detection model to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 7, 8, 9
10. A method for outputting data based on anomaly detection, comprising:
- receiving a shared binary anomaly detection model;
- comparing the shared binary anomaly detection model with a local anomaly detection model;
- combining the shared binary anomaly detection model with the local anomaly detection model to form a new binary anomaly detection model;
- using the model to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 11, 12, 13, 14, 15
16. A method for outputting data based on anomaly detection, comprising:
- receiving an input dataset;
- generating n-grams of different sizes from the input dataset;
- counting the number of distinct n-grams in the n-grams of different sizes that are not present in a binary anomaly detection model;
- computing an anomaly score based upon the number of distinct n-grams and a total count of the n-grams in the input dataset;
- using the anomaly score to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 17, 18, 19
20. A method for outputting data based on anomaly detection, comprising:
- receive an input dataset;
- using a binary anomaly detection model to determine whether an input dataset is likely to contain an anomaly;
- if the input dataset is determined to be likely to contain an anomaly, dropping the input dataset; and
- if the input dataset is determined to be unlikely to contain an anomaly, outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 21, 22, 23, 24, 25
26. A computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for outputting data based on anomaly detection, the method comprising:
- receiving a known-good dataset;
- storing distinct n-grams from the known-good dataset to form a binary anomaly detection model;
- receiving known-good new n-grams;
- computing a rate of receipt of distinct n-grams in the new n-grams;
- determining whether further training of the anomaly detection model is necessary based on the rate of receipt on distinct n-grams;
- using the binary anomaly detection model to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 27, 28, 29, 30
31. A computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for outputting data based on anomaly detection, the method comprising:
- receiving known anomaly signatures;
- generating n-grams of different sizes using the known anomaly signatures;
- storing abnormal n-grams in the n-grams of different sizes in a binary anomaly detection model;
- using the binary anomaly detection model to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 32, 33, 34
35. A computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for outputting data based on anomaly detection, the method comprising:
- receiving a shared binary anomaly detection model;
- comparing the shared binary anomaly detection model with a local anomaly detection model;
- combining the shared binary anomaly detection model with the local anomaly detection model to form a new binary anomaly detection model;
- using the model to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 36, 37, 38, 39, 40
41. A computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for outputting data based on anomaly detection, the method comprising:
- receiving an input dataset;
- generating n-grams of different sizes from the input dataset;
- counting the number of distinct n-grams in the n-grams of different sizes that are not present in a binary anomaly detection model;
- computing an anomaly score based upon the number of distinct n-grams and a total count of the n-grams in the input dataset;
- using the anomaly score to determine whether an input dataset contains an anomaly; and
- outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 42, 43, 44
45. A computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for outputting data based on anomaly detection, the method comprising:
- receiving an input dataset;
- using a binary anomaly detection model to determine whether an input dataset is likely to contain an anomaly;
- if the input dataset is determined to be likely to contain an anomaly, dropping the input dataset; and
- if the input dataset is determined to be unlikely to contain an anomaly, outputting the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 46, 47, 48, 49, 50
51. A system for outputting data based on anomaly detection, comprising:
a digital processing device that:
- receives a known-good dataset;
- stores distinct n-grams from the known-good dataset to form a binary anomaly detection model;
- receives known-good new n-grams;
- computes a rate of receipt of distinct n-grams in the new n-grams;
- determines whether further training of the anomaly detection model is necessary based on the rate of receipt on distinct n-grams;
- uses the binary anomaly detection model to determine whether an input dataset contains an anomaly; and
- outputs the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 52, 53, 54, 55
56. A system for outputting data based on anomaly detection, comprising:
a digital processing device that:
- receives known anomaly signatures;
- generates n-grams of different sizes using the known anomaly signatures;
- stores abnormal n-grams in the n-grams of different sizes in a binary anomaly detection model;
- uses the binary anomaly detection model to determine whether an input dataset contains an anomaly; and
- outputs the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 57, 58, 59
60. A system for outputting data based on anomaly detection, comprising:
a digital processing device that:
- receives a shared binary anomaly detection model;
- compares the shared binary anomaly detection model with a local anomaly detection model;
- combines the shared binary anomaly detection model with the local anomaly detection model to form a new binary anomaly detection model;
- uses the model to determine whether an input dataset contains an anomaly; and
- outputs the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 61, 62, 63, 64, 65
66. A system for outputting data based on anomaly detection, comprising:
a digital processing device that:
- receives an input dataset;
- generates n-grams of different sizes from the input dataset;
- counts the number of distinct n-grams in the n-grams of different sizes that are not present in a binary anomaly detection model;
- computes an anomaly score based upon the number of distinct n-grams and a total count of the n-grams in the input dataset;
- uses the anomaly score to determine whether an input dataset contains an anomaly; and
- outputs the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 67, 68, 69
70. A system for outputting data based on anomaly detection, comprising:
a digital processing device that:
- receives an input dataset;
- uses a binary anomaly detection model to determine whether an input dataset is likely to contain an anomaly;
- if the input dataset is determined to be likely to contain an anomaly, drops the input dataset; and
- if the input dataset is determined to be unlikely to contain an anomaly, outputs the input dataset based on whether the input dataset contains an anomaly.
Dependent claims: 71, 72, 73, 74, 75
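
The training-sufficiency check of claim 1 and the anomaly score of claim 16, sketched in Python as an added example (not code from the patent or its authors). The n-gram sizes, both thresholds, the stability window and all names are assumptions, and the sample requests are constructed.

```python
from typing import Iterable, List, Optional, Set, Tuple

SIZES = (3, 5)          # assumed n-gram sizes; the claims only say "different sizes"
RATE_THRESHOLD = 0.05   # assumed: below this share of new n-grams, training is "quiet"
SCORE_THRESHOLD = 0.3   # assumed: above this score, the input is treated as anomalous

def ngrams(data: bytes, sizes: Tuple[int, ...] = SIZES) -> List[bytes]:
    """Every byte n-gram of each size, repeats included."""
    return [data[i:i + n] for n in sizes for i in range(len(data) - n + 1)]

class BinaryNgramModel:
    """Binary model: records only whether an n-gram was seen, not how often."""
    def __init__(self) -> None:
        self.seen: Set[bytes] = set()

    def train(self, sample: bytes) -> float:
        """Store distinct n-grams; return the share of n-grams new to the model."""
        grams = ngrams(sample)
        new = set(grams) - self.seen
        self.seen |= new
        return len(new) / len(grams) if grams else 0.0

    def score(self, sample: bytes) -> float:
        """Distinct n-grams missing from the model over total n-grams in the input."""
        grams = ngrams(sample)
        unseen = set(grams) - self.seen
        return len(unseen) / len(grams) if grams else 0.0

def train_until_stable(model: BinaryNgramModel, samples: Iterable[bytes],
                       window: int = 2) -> Tuple[int, bool]:
    """Train on known-good samples until the new-n-gram rate stays low for
    `window` consecutive samples. Returns (samples used, further training unneeded)."""
    used, quiet = 0, 0
    for sample in samples:
        used += 1
        quiet = quiet + 1 if model.train(sample) < RATE_THRESHOLD else 0
        if quiet >= window:
            return used, True
    return used, False

def filter_input(model: BinaryNgramModel, sample: bytes) -> Optional[bytes]:
    """Output the input if it scores as normal; return None (drop it) otherwise."""
    return sample if model.score(sample) <= SCORE_THRESHOLD else None

# Constructed sample data: two benign request lines seen twice, and one request
# carrying a run of high bytes that never occurs in the training set.
KNOWN_GOOD = [b"GET /index.html HTTP/1.1", b"GET /about.html HTTP/1.1"] * 2
SUSPECT = b"GET /" + bytes(range(128, 160)) + b" HTTP/1.1"

if __name__ == "__main__":
    m = BinaryNgramModel()
    print(train_until_stable(m, KNOWN_GOOD), m.score(SUSPECT), filter_input(m, SUSPECT))
```

Because the model stores presence only, retraining on repeated traffic adds nothing, which is what lets the new-n-gram rate serve as a stopping signal.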
Specification