Methods, apparatus, computing devices, and storage media for anomaly behavior detection

CN113918941BActive Publication Date: 2026-06-26HUAWEI CLOUD COMPUTING TECHNOLOGIES CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
HUAWEI CLOUD COMPUTING TECHNOLOGIES CO LTD
Filing Date
2020-07-07
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

In existing technologies, detecting abnormal behavior requires the pre-creation of a feature rule base and browsing of every process log, resulting in low detection efficiency and an inability to quickly and effectively identify abnormal activities in a computer.

Method used

By acquiring the process logs of computing devices, extracting process execution sequences and call relationships, combining the process execution transfer information and reconstructed process identifiers corresponding to normal behavior, using Hidden Markov Model (HMM) parameters to judge abnormal behavior, and employing weighted processing and active learning algorithms to optimize the detection results.

Benefits of technology

It enables efficient and accurate detection of abnormal behavior in computing devices, reduces manual intervention, improves detection efficiency and accuracy, and adapts to abnormal behavior recognition in different scenarios.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN113918941B_ABST
    Figure CN113918941B_ABST
Patent Text Reader

Abstract

The application provides a method, device, computing equipment and storage medium for abnormal behavior detection, and belongs to the technical field of computers. The method comprises the following steps: obtaining a process log of the computing equipment, extracting a process execution sequence of the process log, the process execution sequence being used for reflecting a process execution order, and judging abnormal behavior in the computing equipment according to the process execution sequence and process execution transition information corresponding to normal behavior of the computing equipment. According to the application, the abnormal behavior in the computing equipment can be determined efficiently.
Need to check novelty before this filing date? Find Prior Art