The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent: Nov. 29, 2011

Filed: Feb. 27, 2009

Applicants:
Rina Panigrahy, Sunnyvale, CA (US);
Chad Verbowski, Redmond, WA (US);
Yinglian Xie, Cupertino, CA (US);
Junfeng Yang, New York City, NY (US);
Ding Yuan, Champaign, IL (US);

Inventors:
Rina Panigrahy, Sunnyvale, CA (US);
Chad Verbowski, Redmond, WA (US);
Yinglian Xie, Cupertino, CA (US);
Junfeng Yang, New York City, NY (US);
Ding Yuan, Champaign, IL (US);

Assignee:
Microsoft Corporation, Redmond, WA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
G06F 11/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

A technique for automatically detecting and correcting configuration errors in a computing system. In a learning process, recurring event sequences, including, e.g., registry access events, are identified from event logs, and corresponding rules are developed. In a detecting phase, the rules are applied to detected event sequences to identify violations and to recover from failures. Event sequences across multiple hosts can be analyzed. The recurring event sequences are identified efficiently by flattening a hierarchical sequence of the events such as is obtained from the Sequitur algorithm. A trie is generated from the recurring event sequences and edges of nodes of the trie are marked as rule edges or non-rule edges. A rule is formed from a set of nodes connected by rule edges. The rules can be updated as additional event sequences are analyzed. False positive suppression policies include a violation-consistency policy and an expected event disappearance policy.

