Process risk classification

US 9,760,716 B1
Filed: 05/08/2017
Issued: 09/12/2017
Est. Priority Date: 06/05/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

obtaining (i) a set of one or more initial features that are associated with an initial execution of a particular process, and (ii) a set of one or more subsequent features that are associated with a subsequent execution of a particular process;

providing (i) the set of one or more initial features that are associated with an initial execution of a particular process, and (ii) the set of one or more subsequent features that are associated with a subsequent execution of a particular process, to a process risk classifier that is trained, based on (i) a given set of one or more initial features that are associated with an initial execution of a given process and (ii) a given set of one or more subsequent features that are associated with a subsequent execution of a given process, to output a risk score that quantifies an estimated amount of risk associated with the given process;

in response to providing (i) the set of one or more initial features that are associated with an initial execution of a particular process, and (ii) the set of one or more subsequent features that are associated with a subsequent execution of a particular process, receiving, from the process risk classifier, a particular risk score that quantifies an estimated amount of risk associated with the particular process; and

selectively placing the subsequent or later executions of the particular process in an isolating computing environment based at least on the particular risk score that quantifies the estimated amount of risk associated with the particular process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one implementation, a computer-implemented method includes receiving, at a process risk classifier running on a computer system, a request to determine a risk level for a particular process; accessing one or more signatures that provide one or more snapshots of characteristics of the particular process at one or more previous times; identifying one or more differences between the particular process in its current form and the one or more signatures; accessing information identifying previous usage of the computer system'"'"'s resources by the particular process; determining a current risk score for the particular process based, at least in part, on (i) the one or more signatures for the particular process, (ii) the one or more differences between the particular process in its current form and the one or more signatures, and (iii) the previous usage of the resources; and providing the current risk score for the particular process.

46 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- obtaining (i) a set of one or more initial features that are associated with an initial execution of a particular process, and (ii) a set of one or more subsequent features that are associated with a subsequent execution of a particular process;
  
  providing (i) the set of one or more initial features that are associated with an initial execution of a particular process, and (ii) the set of one or more subsequent features that are associated with a subsequent execution of a particular process, to a process risk classifier that is trained, based on (i) a given set of one or more initial features that are associated with an initial execution of a given process and (ii) a given set of one or more subsequent features that are associated with a subsequent execution of a given process, to output a risk score that quantifies an estimated amount of risk associated with the given process;
  
  in response to providing (i) the set of one or more initial features that are associated with an initial execution of a particular process, and (ii) the set of one or more subsequent features that are associated with a subsequent execution of a particular process, receiving, from the process risk classifier, a particular risk score that quantifies an estimated amount of risk associated with the particular process; and
  
  selectively placing the subsequent or later executions of the particular process in an isolating computing environment based at least on the particular risk score that quantifies the estimated amount of risk associated with the particular process.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of processor usage during the initial and subsequent executions, respectively.
  - 3. The method of claim 1, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of memory usage during the initial and subsequent executions, respectively.
  - 4. The method of claim 1, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of an amount of network usage during the initial and subsequent executions, respectively.
  - 5. The method of claim 1, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of other processes that are associated with initial and subsequent executions, respectively.
  - 6. The method of claim 1, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise data characterizing user inputs received during the initial and subsequent executions, respectively.
  - 7. The method of claim 1, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of energy usage associated with a particular hardware component during the initial and subsequent executions, respectively.

8. A system comprising:
- one or more computers; and
  
  one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  obtaining (i) a set of one or more initial features that are associated with an initial execution of a particular process, and (ii) a set of one or more subsequent features that are associated with a subsequent execution of a particular process;
  
  providing (i) the set of one or more initial features that are associated with an initial execution of a particular process, and (ii) the set of one or more subsequent features that are associated with a subsequent execution of a particular process, to a process risk classifier that is trained, based on (i) a given set of one or more initial features that are associated with an initial execution of a given process and (ii) a given set of one or more subsequent features that are associated with a subsequent execution of a given process, to output a risk score that quantifies an estimated amount of risk associated with the given process;
  
  in response to providing (i) the set of one or more initial features that are associated with an initial execution of a particular process, and (ii) the set of one or more subsequent features that are associated with a subsequent execution of a particular process, receiving, from the process risk classifier, a particular risk score that quantifies an estimated amount of risk associated with the particular process; and
  
  selectively placing the subsequent or later executions of the particular process in an isolating computing environment based at least on the particular risk score that quantifies the estimated amount of risk associated with the particular process.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of processor usage during the initial and subsequent executions, respectively.
  - 10. The system of claim 8, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of memory usage during the initial and subsequent executions, respectively.
  - 11. The system of claim 8, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of an amount of network usage during the initial and subsequent executions, respectively.
  - 12. The system of claim 8, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of other processes that are associated with initial and subsequent executions, respectively.
  - 13. The system of claim 8, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise data characterizing user inputs received during the initial and subsequent executions, respectively.
  - 14. The system of claim 8, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of energy usage associated with a particular hardware component during the initial and subsequent executions, respectively.

15. A non-transitory computer readable storage device storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- obtaining (i) a set of one or more initial features that are associated with an initial execution of a particular process, and (ii) a set of one or more subsequent features that are associated with a subsequent execution of a particular process;
  
  providing (i) the set of one or more initial features that are associated with an initial execution of a particular process, and (ii) the set of one or more subsequent features that are associated with a subsequent execution of a particular process, to a process risk classifier that is trained, based on (i) a given set of one or more initial features that are associated with an initial execution of a given process and (ii) a given set of one or more subsequent features that are associated with a subsequent execution of a given process, to output a risk score that quantifies an estimated amount of risk associated with the given process;
  
  in response to providing (i) the set of one or more initial features that are associated with an initial execution of a particular process, and (ii) the set of one or more subsequent features that are associated with a subsequent execution of a particular process, receiving, from the process risk classifier, a particular risk score that quantifies an estimated amount of risk associated with the particular process; and
  
  selectively placing the subsequent or later executions of the particular process in an isolating computing environment based at least on the particular risk score that quantifies the estimated amount of risk associated with the particular process.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The device of claim 15, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of processor usage during the initial and subsequent executions, respectively.
  - 17. The device of claim 15, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of memory usage during the initial and subsequent executions, respectively.
  - 18. The device of claim 15, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of an amount of an amount of network usage during the initial and subsequent executions, respectively.
  - 19. The device of claim 15, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise an indication of other processes that are associated with initial and subsequent executions, respectively.
  - 20. The device of claim 15, wherein the set of one or more initial features associated with the initial execution of the particular process and the set of one or more subsequent features associated with the subsequent execution of the particular process comprise data characterizing user inputs received during the initial and subsequent executions, respectively.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Mulchandani, Shaan
Primary Examiner(s)
Vaughan, Michael R

Application Number

US15/589,517
Publication Number

US 20170243010A1
Time in Patent Office

127 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

G06F 2221/034   Test or assess a computer o...

Process risk classification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Process risk classification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links