The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
May. 10, 2011
Filed:
Oct. 12, 2007
Jack W. Stokes, North Bend, WA (US);
John C. Platt, Bellevue, WA (US);
Michael Shilman, Albany, CA (US);
Joseph L. Kravis, Auburn, WA (US);
Jack W. Stokes, North Bend, WA (US);
John C. Platt, Bellevue, WA (US);
Michael Shilman, Albany, CA (US);
Joseph L. Kravis, Auburn, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
A malicious behavior detection/prevention system, such as an intrusion detection system, is provided that uses active learning to classify entries into multiple classes. A single entry can correspond to either the occurrence of one or more events or the non-occurrence of one or more events. During a training phase, entries are automatically classified into one of multiple classes. After classifying the entry, a generated model for the determined class is utilized to determine how well an entry corresponds to the model. Ambiguous classifications along with entries that do not fit the model well for the determined class are selected for labeling by a human analyst. The selected entries are presented to a human analyst for labeling. These labels are used to further train the classifier and the models. During an evaluation phase, entries are automatically classified using the trained classifier and a policy associated with determined class is applied.