International Business Machines Corporation (20240126630). GENERATING INCIDENT EXPLANATIONS USING SPATIO-TEMPORAL LOG CLUSTERING simplified abstract

From WikiPatents

GENERATING INCIDENT EXPLANATIONS USING SPATIO-TEMPORAL LOG CLUSTERING

Organization Name

International Business Machines Corporation

Inventor(s)

Seema Nagar of Bangalore (IN)

Mudhakar Srivatsa of White Plains NY (US)

Pooja Aggarwal of Bengaluru (IN)

Joshua M Rosenkranz of White Plains NY (US)

Dipanwita Guhathakurta of Kolkata (IN)

Amitkumar Manoharrao Paradkar of Mohegan Lake NY (US)

Rohan R. Arora of Champaign IL (US)

GENERATING INCIDENT EXPLANATIONS USING SPATIO-TEMPORAL LOG CLUSTERING - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240126630 titled 'GENERATING INCIDENT EXPLANATIONS USING SPATIO-TEMPORAL LOG CLUSTERING'.

Simplified Explanation

The embodiment described in the patent application detects anomalies in log entries for a computer environment, groups those anomalies into clusters using a lattice clustering algorithm, and composes an explanation from the log templates associated with each cluster of anomalies.

  • Detect anomalies in log entries during a predefined window of time.
  • Generate cluster data of anomalies using a lattice clustering algorithm.
  • Compose explanations using log templates associated with the cluster of anomalies.
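The three steps above, as an added illustration that is not the patent's implementation or IBM's code: constructed log lines are reduced to templates, a template is flagged anomalous in a (host, time-window) cell when it was never seen in a baseline period or its count spikes past a multiple of its baseline peak, the anomalous cells are placed on a lattice whose axes are time window and host, and occupied cells that touch (adjacent windows on one host, or the same window on hosts that call each other in an assumed service topology) are merged into one cluster, each of which is explained by listing its templates in order of first occurrence. The window size, baseline length, spike factor, the `NEIGHBOURS` topology and the regex used for templating are all assumptions made for the example; the patent text does not define the lattice algorithm in this detail.

```python
import re
from collections import Counter, defaultdict

WINDOW = 10          # seconds per lattice cell on the time axis (assumed)
BASELINE_END = 60    # log lines before this timestamp train the baseline (assumed)
SPIKE_FACTOR = 3     # known template is anomalous if its cell count > factor x baseline peak (assumed)

# Assumed service topology: two hosts are spatial neighbours if one calls the other.
NEIGHBOURS = {("web", "app"), ("app", "db")}

# Tokens replaced by <*> when deriving a template: hex literals, numbers, URL paths (assumed regex).
TOKEN = re.compile(r"0x[0-9a-f]+|\d+(\.\d+)*|/[\w/.-]+", re.I)


def build_sample_logs():
    """Constructed sample log lines as (timestamp_seconds, host, message)."""
    logs = []
    for t in range(0, 240, 5):                       # steady background traffic on every host
        logs.append((t, "web", f"request served in {10 + t % 7} ms"))
        logs.append((t, "app", f"session {1000 + t} created"))
        logs.append((t, "db", f"query took {3 + t % 4} ms"))
        logs.append((t, "batch", f"job {t} finished"))
    # Incident: db pool exhaustion propagates to app timeouts, then to web 502s
    logs += [(100, "db", "connection pool exhausted (max 50)"),
             (104, "db", "connection pool exhausted (max 50)"),
             (112, "app", "timeout calling db after 3000 ms"),
             (115, "app", "timeout calling db after 3000 ms"),
             (123, "web", "upstream error 502 for /api/orders/77"),
             (126, "web", "upstream error 502 for /api/orders/81")]
    # Rate spike of an otherwise normal template (retry storm on web)
    logs += [(131 + i, "web", f"request served in {900 + i} ms") for i in range(12)]
    # Unrelated anomaly on a host with no neighbours in the topology
    logs.append((200, "batch", "job 40 failed with exit code 1"))
    return sorted(logs)


def templatize(message):
    """Derive a log template by masking variable tokens."""
    return TOKEN.sub("<*>", message)


def detect_anomalies(logs):
    """Return anomalous (bucket, host, template, count) tuples.

    A template is anomalous in a (host, window) cell if it never appeared on that
    host during the baseline, or its count exceeds SPIKE_FACTOR x its baseline peak.
    """
    cells = defaultdict(Counter)       # (host, bucket) -> Counter(template)
    for t, host, msg in logs:
        cells[(host, t // WINDOW)][templatize(msg)] += 1
    baseline_peak = defaultdict(int)   # (host, template) -> max count in one baseline window
    for (host, bucket), counter in cells.items():
        if bucket * WINDOW < BASELINE_END:
            for tpl, n in counter.items():
                baseline_peak[(host, tpl)] = max(baseline_peak[(host, tpl)], n)
    anomalies = []
    for (host, bucket), counter in cells.items():
        if bucket * WINDOW < BASELINE_END:
            continue
        for tpl, n in counter.items():
            peak = baseline_peak.get((host, tpl))
            if peak is None or n > SPIKE_FACTOR * peak:
                anomalies.append((bucket, host, tpl, n))
    return sorted(anomalies)


def lattice_cluster(anomalies):
    """Merge anomalies whose lattice cells (host, bucket) touch into clusters.

    Cells are adjacent when their buckets differ by at most one and the hosts are
    identical or neighbours in the topology; clusters are the connected components.
    """
    cells = sorted({(host, bucket) for bucket, host, _, _ in anomalies})

    def adjacent(a, b):
        (h1, b1), (h2, b2) = a, b
        if abs(b1 - b2) > 1:
            return False
        return h1 == h2 or (h1, h2) in NEIGHBOURS or (h2, h1) in NEIGHBOURS

    parent = {c: c for c in cells}      # union-find over occupied cells

    def find(c):
        while parent[c] != c:
            parent[c] = parent[parent[c]]
            c = parent[c]
        return c

    for i, a in enumerate(cells):
        for b in cells[i + 1:]:
            if adjacent(a, b):
                parent[find(a)] = find(b)
    groups = defaultdict(list)
    for bucket, host, tpl, n in anomalies:
        groups[find((host, bucket))].append((bucket, host, tpl, n))
    return sorted(groups.values())


def explain(cluster):
    """Compose a human-readable explanation from a cluster's templates, in time order."""
    cluster = sorted(cluster)
    start, end = cluster[0][0] * WINDOW, (cluster[-1][0] + 1) * WINDOW
    hosts = sorted({host for _, host, _, _ in cluster})
    lines = [f"Incident on {', '.join(hosts)} between t={start}s and t={end}s:"]
    for bucket, host, tpl, n in cluster:
        lines.append(f"  t={bucket * WINDOW}s {host}: {n}x '{tpl}'")
    return "\n".join(lines)


def run():
    """Full pipeline over the constructed logs: one explanation string per cluster."""
    clusters = lattice_cluster(detect_anomalies(build_sample_logs()))
    return [explain(c) for c in clusters]


if __name__ == "__main__":
    for text in run():
        print(text, end="\n\n")
```

On the constructed input the pipeline yields two clusters: the db, app, web chain between t=100s and t=140s (four anomalous cells, including the retry-storm spike of a normally benign template) and the lone batch failure at t=200s, which shares no neighbouring cell and is therefore explained separately. The spatial axis is what keeps those two apart even though both are "anomalies" in the same general period; a purely temporal grouping would need a much wider gap to separate them.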

Potential Applications

This technology could be applied in cybersecurity for detecting and explaining anomalies in computer systems.

Problems Solved

This technology helps in identifying and understanding unusual patterns or events in log entries, which can be indicative of security breaches or system malfunctions.

Benefits

The benefits of this technology include improved cybersecurity measures, early detection of potential threats, and enhanced system monitoring capabilities.

Potential Commercial Applications

One potential commercial application of this technology could be in the development of advanced cybersecurity software for businesses and organizations.

Possible Prior Art

One possible prior art could be the use of clustering algorithms in data analysis for anomaly detection in various fields such as finance or network security.

What are the limitations of this technology in real-world applications?

The limitations of this technology in real-world applications may include the need for continuous updates and maintenance to adapt to evolving cybersecurity threats and the potential for false positives or false negatives in anomaly detection.

How does this technology compare to existing anomaly detection systems?

This technology stands out by using a lattice clustering algorithm to spatially distinguish clusters of anomalies, providing a more precise and targeted approach to anomaly detection than traditional methods.


Original Abstract Submitted

An embodiment includes detecting a set of anomalies recorded during a first predefined window of time in log entries for a computer environment. The embodiment also includes generating cluster data representative of a cluster of anomalies from among the set of anomalies, where the cluster is formed using a lattice clustering algorithm that spatially distinguishes the cluster of anomalies from other anomalies in the set of anomalies. The embodiment also includes composing an explanation using log templates generated from log entries associated with the cluster of anomalies.