System and method for clustering host inventories
Abstract
A method in one example implementation includes obtaining a plurality of host file inventories corresponding respectively to a plurality of hosts, calculating input data using the plurality of host file inventories, and then providing the input data to a clustering procedure to group the plurality of hosts into one or more clusters of hosts. The method further includes each cluster of hosts being grouped using predetermined similarity criteria. In more specific embodiments, each of the host file inventories includes a set of one or more file identifiers with each file identifier representing a different executable software file on a corresponding one of the plurality of hosts. In other more specific embodiments, calculating the input data includes transforming the host file inventories into a matrix of keyword vectors in Euclidean space. In further embodiments, calculating the input data includes transforming the host file inventories into a similarity matrix.
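The transformation described in the abstract, as an added example (not code from the patent or its assignee). It assumes the keyword sequence is the sorted set of all file identifiers, that each host vector is binary (1 if the host has the file), and that single-linkage grouping under a Euclidean distance threshold stands in for the "predetermined similarity criteria"; host names and file identifiers are constructed.

```python
import math

# Constructed sample inventories: host -> set of executable file identifiers.
INVENTORIES = {
    "ws-01": {"calc.exe", "office.exe", "browser.exe", "pdfview.exe"},
    "ws-02": {"calc.exe", "office.exe", "browser.exe"},
    "ws-03": {"calc.exe", "office.exe", "browser.exe", "pdfview.exe", "chat.exe"},
    "db-01": {"sqlservr.exe", "backup.exe", "agent.exe"},
    "db-02": {"sqlservr.exe", "backup.exe", "agent.exe", "tuner.exe"},
    "kiosk": {"browser.exe", "unlisted_a.exe", "unlisted_b.exe", "unlisted_c.exe"},
}

def keyword_matrix(inventories):
    """Return (hosts, keyword sequence, matrix) with one binary vector per host."""
    hosts = sorted(inventories)
    keywords = sorted(set().union(*inventories.values()))  # each keyword is unique
    matrix = [[1.0 if k in inventories[h] else 0.0 for k in keywords] for h in hosts]
    return hosts, keywords, matrix

def euclidean(u, v):
    """Euclidean distance; for binary vectors this is sqrt(number of differing files)."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))

def cluster(inventories, max_distance):
    """Single-linkage grouping (assumed criterion): link hosts within max_distance."""
    hosts, _, matrix = keyword_matrix(inventories)
    parent = list(range(len(hosts)))  # union-find forest over host indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i in range(len(hosts)):
        for j in range(i + 1, len(hosts)):
            if euclidean(matrix[i], matrix[j]) <= max_distance:
                parent[find(j)] = find(i)

    groups = {}
    for i, host in enumerate(hosts):
        groups.setdefault(find(i), []).append(host)
    # Largest clusters first; singletons (hosts unlike any other) end up last.
    return sorted(groups.values(), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for group in cluster(INVENTORIES, max_distance=1.5):
        print(group)
```

With the threshold at 1.5, hosts whose inventories differ by at most two files are linked, so the constructed workstation and database hosts form two clusters and the host with a mostly unshared inventory is left as a singleton.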
21 Claims
1. A computer implemented method, executed by one or more processors comprising:
- obtaining a plurality of host file inventories corresponding respectively to a plurality of hosts in a network environment, wherein each of the plurality of host file inventories includes one or more file identifiers, each of the file identifiers of a particular host file inventory representing a different executable file on one of the plurality of hosts corresponding to the particular host file inventory;
- calculating input data by transforming the plurality of host file inventories into a matrix of keyword vectors in Euclidean space based on a keyword sequence, wherein each keyword of the keyword sequence is unique, wherein each one of the plurality of hosts corresponds to one of the keyword vectors; and
- providing the input data to a clustering procedure to group the plurality of hosts into one or more clusters of hosts, wherein the one or more clusters of hosts are grouped using a predetermined similarity criteria.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. Logic encoded in one or more non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- obtaining a plurality of host file inventories corresponding respectively to a plurality of hosts in a network environment, wherein each of the plurality of host file inventories includes one or more file identifiers, each of the file identifiers of a particular host file inventory representing a different executable file on one of the plurality of hosts corresponding to the particular host file inventory;
- calculating input data by transforming the plurality of host file inventories into a matrix of keyword vectors in Euclidean space based on a keyword sequence, wherein each keyword of the keyword sequence is unique, wherein each one of the plurality of hosts corresponds to one of the keyword vectors; and
- providing the input data to a clustering procedure to group the plurality of hosts into one or more clusters of hosts, wherein the one or more clusters of hosts are grouped using a predetermined similarity criteria.
Dependent claims: 17, 18
19. An apparatus, comprising:
- a host inventory preparation module;
- a processor operable to execute instructions associated with the host inventory preparation module, including;
- obtaining a plurality of host file inventories corresponding respectively to a plurality of hosts in a network environment, wherein each of the plurality of host file inventories includes one or more file identifiers, each of the file identifiers of a particular host file inventory representing a different executable file on one of the plurality of hosts corresponding to the particular host file inventory;
- calculating input data by transforming the plurality of host file inventories into a matrix of keyword vectors in Euclidean space based on a keyword sequence, wherein each keyword of the keyword sequence is unique, wherein each one of the plurality of hosts corresponds to one of the keyword vectors; and
- providing the input data to a clustering procedure to group the plurality of hosts into one or more clusters of hosts, wherein the one or more clusters of hosts are grouped using a predetermined similarity criteria.
Dependent claims: 20, 21
Specification