USING FREQUENCY ANALYSIS IN ENTERPRISE THREAT DETECTION TO DETECT INTRUSIONS IN A COMPUTER SYSTEM

US 20180176238A1
Filed: 12/15/2016
Published: 06/21/2018
Est. Priority Date: 12/15/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain;

computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and

displaying the frequency domain activity data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes methods, systems, and computer program products for performing a frequency domain analysis of activity data for a computer system. One computer-implemented method receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain; computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and displaying the frequency domain activity data.

193 Citations

20 Claims

1. A computer-implemented method, comprising:
- receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records associated with the computer system in a time domain;
  
  computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and
  
  displaying the frequency domain activity data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the frequency domain activity data are computed using Fourier Transform.
  - 3. The computer-implemented method of claim 1, wherein computing, by the hardware processor, frequency domain activity data based on the time domain activity data comprise:
    - grouping the time domain activity data into a plurality of groups, each of the plurality of groups comprises time domain activity data in a time period; and
      
      for each of the groups, computing frequency domain activity data based on the time domain activity data in the respective group.
  - 4. The computer-implemented method of claim 3, wherein the frequency domain activity data for each group are displayed consecutively.
  - 5. The computer-implemented method of claim 4, wherein the frequency domain activity data for each group are displayed using an animated format.
  - 6. The computer-implemented method of claim 3, further comprising:
    - determining a maximum amplitudes of the frequency domain activity data; and
      
      displaying a user interface object indicating the maximum amplitude.
  - 7. The computer-implemented method of claim 1, wherein the activity records indicate time at which jobs are executed on the computer system.

8. A computer-implemented system, comprising:
- a computer memory; and
  
  a hardware processor interoperably coupled with the computer memory and configured to perform operations comprising;
  
  receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records for the computer system in a time domaincomputing frequency domain activity data based on the time domain activity data; and
  
  displaying the frequency domain activity data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented system of claim 8, wherein the frequency domain activity data are computed using Fourier Transform.
  - 10. The computer-implemented system of claim 8, wherein computing frequency domain activity data based on the time domain activity data comprise:
    - grouping the time domain activity data into a plurality of groups, each of the plurality of groups comprises time domain activity data in a time period; and
      
      for each of the groups, computing frequency domain activity data based on the time domain activity data in the respective group.
  - 11. The computer-implemented system of claim 10, wherein the frequency domain activity data for each group are displayed consecutively.
  - 12. The computer-implemented system of claim 11, wherein the frequency domain activity data for each group are displayed using an animated format.
  - 13. The computer-implemented system of claim 10, the operations further comprising:
    - determining a maximum amplitudes of the frequency domain activity data; and
      
      displaying a user interface object indicating the maximum amplitude.
  - 14. The computer-implemented system of claim 8, wherein the activity records indicate time at which jobs are executed on the computer system.

15. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- receiving time domain activity data for a computer system, wherein the time domain activity data comprise activity records for the computer system in a time domain;
  
  computing, by a hardware processor, frequency domain activity data based on the time domain activity data; and
  
  displaying the frequency domain activity data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory, computer-readable medium of claim 15, wherein the frequency domain activity data are computed using Fourier Transform.
  - 17. The non-transitory, computer-readable medium of claim 15, wherein computing frequency domain activity data based on the time domain activity data comprise:
    - grouping the time domain activity data into a plurality of groups, each of the plurality of groups comprises time domain activity data in a time period; and
      
      for each of the groups, computing frequency domain activity data based on the time domain activity data in the respective group.
  - 18. The non-transitory, computer-readable medium of claim 17, wherein the frequency domain activity data for each group are displayed consecutively.
  - 19. The non-transitory, computer-readable medium of claim 18, wherein the frequency domain activity data for each group are displayed using an animated format.
  - 20. The non-transitory, computer-readable medium of claim 17, the operations further comprising:
    - determining a maximum amplitudes of the frequency domain activity data; and
      
      displaying a user interface object indicating the maximum amplitude.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Nos, Kathrin, Guzman, Volker, Klose, Marvin

Granted Patent

US 10,530,792 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

H04L 63/02   for separating internal fro...

H04L 63/14   for detecting or protecting...

H04L 63/1425   Traffic logging, e.g. anoma...

USING FREQUENCY ANALYSIS IN ENTERPRISE THREAT DETECTION TO DETECT INTRUSIONS IN A COMPUTER SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

193 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USING FREQUENCY ANALYSIS IN ENTERPRISE THREAT DETECTION TO DETECT INTRUSIONS IN A COMPUTER SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

193 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links