首页>
外国专利>
METHODS AND SYSTEMS FOR ANOMALY DETECTION USING FUNCTION SPECIFICATIONS DERIVED FROM SERVER INPUT/OUTPUT (I/O) BEHAVIOR
METHODS AND SYSTEMS FOR ANOMALY DETECTION USING FUNCTION SPECIFICATIONS DERIVED FROM SERVER INPUT/OUTPUT (I/O) BEHAVIOR
展开▼
机译:使用从服务器输入/输出(I / O)行为得出的功能规范进行异常检测的方法和系统
展开▼
页面导航
摘要
著录项
相似文献
摘要
Various embodiments include methods of protecting a computing device within a network from malware or other non-benign behaviors. A computing device may monitor inputs and outputs to a server, derive a functional specification from the monitored inputs and outputs, and use the functional specification for anomaly detection. Use of the derived functional specification for anomaly detection may include determining whether a behavior, activity, web application, process or software application program is non-benign. The computing device may be the server, and the functional specification may be used to determine whether the server is under attack. In some embodiments, the computing device may constrain the functional specification with a generic constraint, detect a new input-output pair, determine whether the detected input-output pair satisfies the constrained functional specification, and determine that the detected input-output pair is anomalous upon determining that the detected input-output pair (or request-response pair) satisfies the constrained functional specification.
展开▼