Disclosed is an automated method to determine if there is sufficient data to allow the creation of an Anomaly Detection Engine for Linux Logs (ADE) model that is able to detect bad intervals.
This text was extracted from a PDF file. This is the abbreviated version, containing approximately 58% of the total text.
Learning Values to Determine if Sufficient Data is Available to Create ADE Models
An anomaly detection engine for Linux logs (ADE) creates a model to detect bad intervals with the following process:
1. Sums the message anomaly scores for each message within an interval to create the interval message contribution value
2. For all of the intervals within the training period, orders the interval message contribution value
3. Assigns each interval message contribution value to a bucket using a histogram
4. Creates a distribution which maps the interval message contribution value to the interval anomaly score
The ADE uses key interval anomaly scores. If the score is below 99.5, then the interval is not defined as unusual. If the score is above 100, then the interval is defined as important. For an ADE to work, a difference must be present between the interval message contribution value for the 99.5 bucket and the interval message contribution value for the 100 bucket.
An ADE model can end up unable to differentiate between the value for 99.5 and the value for 100 in two ways: the data is insufficient to create a reasonable model, or the message traffic is so similar that the difference is undetectable.
For an ADE to work, it needs to detect which data source does not have sufficient data to create a useful model. There is currently no way to run any form of classification because there is no way to determine whether a model is good.
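The four-step process and the 99.5/100 check described above, as an added Python example that is not code from the disclosure or from any ADE implementation. It assumes the interval anomaly score is the empirical percentile of training intervals at or below a contribution value (used here in place of explicit histogram buckets); the function names, the `min_gap` parameter and the training sets are constructed for illustration.

```python
"""Added example: can a trained interval model separate 99.5 from 100?"""

def interval_contributions(intervals):
    """Step 1: sum the message anomaly scores inside each interval."""
    return [sum(scores) for scores in intervals]

def bucket_value(ordered, per_mille):
    """Smallest contribution whose interval anomaly score reaches
    per_mille / 10 (995 -> 99.5). Assumption: score = empirical percentile.
    Integer arithmetic avoids float rounding at the 99.5 boundary."""
    k = -(-per_mille * len(ordered) // 1000)  # ceil(per_mille * n / 1000)
    return ordered[max(k, 1) - 1]

def assess_model(intervals, min_gap=0.0):
    """Steps 2-4 plus the sufficiency check. min_gap is a hypothetical
    tolerance: the model is usable only if the 100 value exceeds the
    99.5 value by more than min_gap."""
    ordered = sorted(interval_contributions(intervals))
    if not ordered:
        return {"usable": False, "v995": None, "v100": None}
    v995 = bucket_value(ordered, 995)
    v100 = bucket_value(ordered, 1000)
    return {"usable": (v100 - v995) > min_gap, "v995": v995, "v100": v100}

# Constructed training sets: each inner list holds the message anomaly
# scores of one interval.
def varied(n):
    """n intervals whose contributions all differ (0.25 * i + 1)."""
    return [[0.25 * i, 1.0] for i in range(n)]

def identical(n):
    """n intervals with the same messages, so the same contribution."""
    return [[2.0, 3.0] for _ in range(n)]

if __name__ == "__main__":
    cases = [
        ("too little data (50 intervals)", varied(50)),
        ("traffic too similar (400 intervals)", identical(400)),
        ("sufficient data (400 intervals)", varied(400)),
    ]
    for name, data in cases:
        print(f"{name}: {assess_model(data)}")
```

Under this percentile assumption, any training set with fewer than 200 intervals places the 99.5 value on the maximum, so the first failure mode shows up purely from interval count.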