公开(公告)号：US12184692B2

公开(公告)日：2024-12-31

申请号：US17558342

申请日：2021-12-21

Applicant: Oracle International Corporation

Inventor： Valentin Venzin ,  Rhicheek Patra ,  Sungpack Hong ,  Hassan Chafi

IPC: H04L9/40 ,  G06N20/00

Abstract: Herein are graph machine learning explainability (MLX) techniques for invalid traffic detection. In an embodiment, a computer generates a graph that contains: a) domain vertices that represent network domains that received requests and b) address vertices that respectively represent network addresses from which the requests originated. Based on the graph, domain embeddings are generated that respectively encode the domain vertices. Based on the domain embeddings, multidomain embeddings are generated that respectively encode the network addresses. The multidomain embeddings are organized into multiple clusters of multidomain embeddings. A particular cluster is detected as suspicious. In an embodiment, an unsupervised trained graph model generates the multidomain embeddings. Based on the clusters of multidomain embeddings, feature importances are unsupervised trained. Based on the feature importances, an explanation is automatically generated for why an object is or is not suspicious. The explained object may be a cluster or other batch of network addresses or a single network address.

公开(公告)号：US12174835B2

公开(公告)日：2024-12-24

申请号：US18211613

申请日：2023-06-20

Applicant: Oracle International Corporation

Inventor： Arnaud Delamare ,  Irfan Bunjaku ,  Vasileios Trigonakis ,  Calin Iorgulescu ,  Tomas Faltin ,  Sungpack Hong ,  Hassan Chafi

IPC: G06F17/30 ,  G06F16/22 ,  G06F16/23 ,  G06F16/2453 ,  G06F16/2455

Abstract: A storage manager for offloading graph components to persistent storage for reducing resident memory in a distributed graph processing engine is provided. The storage manager identifies a set of graph components required to execute a graph processing operation on a graph in a graph processing engine of a database system and reserves an amount of memory needed to load the set of graph components into memory. The storage manager loads the set of graph components into memory and initiates execution of the graph processing operation using the set of graph components in memory. The storage manager evicts one or more unused graph components from memory in response to receiving a request to free a requested amount of memory from memory.

公开(公告)号：US20240220495A1

公开(公告)日：2024-07-04

申请号：US18091242

申请日：2022-12-29

Applicant: Oracle International Corporation

Inventor： Vasileios Trigonakis ,  Anton Ragot ,  Yahya Ez-zainabi ,  Tomas Faltin ,  Sungpack Hong ,  Hassan Chafi

IPC: G06F16/2453 ,  G06F16/901

CPC classification number: G06F16/24535 ,  G06F16/24537 ,  G06F16/9024

Abstract: A graph processing engine is provided for executing a graph query comprising a parent query and a subquery nested within the parent query. The subquery uses a reference to one or more correlated variables from the parent query. Executing the graph query comprises initiating execution of the parent query, pausing the execution of the parent query responsive to the parent query matching the one or more correlated variables in an intermediate result set, generating a subquery identifier for each match of the one or more correlated variables, modifying the subquery to include a subquery aggregate function and a clause to group results by subquery identifier, executing the modified subquery using the intermediate result set and collecting subquery results into a subquery results table responsive to pausing execution of the parent query, and resuming execution of the parent query using the subquery results table.

公开(公告)号：US12001425B2

公开(公告)日：2024-06-04

申请号：US17116831

申请日：2020-12-09

Applicant: Oracle International Corporation

Inventor： Tomas Faltin ,  Vasileios Trigonakis ,  Jean-Pierre Lozi ,  Sungpack Hong ,  Hassan Chafi

IPC: G06F16/2452 ,  G06F16/2455 ,  G06F16/248

CPC classification number: G06F16/24526 ,  G06F16/24556 ,  G06F16/248

Abstract: Systems and methods for improving evaluation of graph queries through depth first traversals are described herein. In an embodiment, a multi-node system evaluates against graph data a graph query that specifies a particular pattern to match by determining, at a first node of the multi-node system, in a particular instance of evaluating the graph query, that one or more first vertices on the first node match a first portion of the graph query and that a second vertex that is to be evaluated next is stored on a second node separate from the first node. In response to determining that the next vertex to be evaluated is stored on the second node separate from the first node, the first node generates a message to the second node comprising one or more results of the first portion of the graph query based on the one or more first vertices, an identifier of the next vertex, and a current stage of evaluating the graph query. In response to generating the message from the first node to the second node, the first node ceases the particular instance of evaluating the graph query.

公开(公告)号：US20240095604A1

公开(公告)日：2024-03-21

申请号：US18075784

申请日：2022-12-06

Applicant: Oracle International Corporation

Inventor： Fatjon Zogaj ,  Yasha Pushak ,  Hesam Fathi Moghadam ,  Sungpack Hong ,  Hassan Chafi

IPC: G06N20/20

CPC classification number: G06N20/20

Abstract: A computer sorts empirical validation scores of validated training scenarios of an anomaly detector. Each training scenario has a dataset to train an instance of the anomaly detector that is configured with values for hyperparameters. Each dataset has values for metafeatures. For each predefined ranking percentage, a subset of best training scenarios is selected that consists of the ranking percentage of validated training scenarios having the highest empirical validation scores. Linear optimizers train to infer a value for a hyperparameter. Into many distinct unvalidated training scenarios, a scenario is generated that has metafeatures values and hyperparameters values that contains the value inferred for that hyperparameter by a linear optimizer. For each unvalidated training scenario, a validation score is inferred. A best linear optimizer is selected having a highest combined inferred validation score. For a new dataset, the best linear optimizer infers a value of that hyperparameter.

公开(公告)号：US20240070471A1

公开(公告)日：2024-02-29

申请号：US17900779

申请日：2022-08-31

Applicant: Oracle International Corporation

Inventor： Yasha Pushak ,  Moein Owhadi Kareshk ,  Hesam Fathi Moghadam ,  Sungpack Hong ,  Hassan Chafi

IPC: G06N3/12

CPC classification number: G06N3/126

Abstract: Principal component analysis (PCA) accelerates and increases accuracy of genetic algorithms. In an embodiment, a computer generates many original chromosomes. Each original chromosome contains a sequence of original values. Each position in the sequences in the original chromosomes corresponds to only one respective distinct parameter in a set of parameters to be optimized. Based on the original chromosomes, many virtual chromosomes are generated. Each virtual chromosome contains a sequence of numeric values. Positions in the sequences in the virtual chromosomes do not correspond to only one respective distinct parameter in the set of parameters to be optimized. Based on the virtual chromosomes, many new chromosomes are generated. Each new chromosome contains a sequence of values. Each position in the sequences in the new chromosomes corresponds to only one respective distinct parameter in the set of parameters to be optimized. The computer may be configured based on a best new chromosome.

公开(公告)号：US11816102B2

公开(公告)日：2023-11-14

申请号：US16991888

申请日：2020-08-12

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Alberto Parravicini ,  Jinha Kim ,  Sungpack Hong ,  Matthias Brantner ,  Hassan Chafi

IPC: G06F16/2452 ,  G06F16/22 ,  G06F16/248 ,  G06F16/28 ,  G06N5/025 ,  G06N5/048

CPC classification number: G06F16/24522 ,  G06F16/2246 ,  G06F16/248 ,  G06F16/288 ,  G06N5/025 ,  G06N5/048

Abstract: Techniques described herein allow for accurate translation of natural language (NL) queries to declarative language. A syntactic dependency parsing tree is generated for an NL query, which is used to map tokens in the query to logical data model concepts. Relationship-type mappings are completed based on relationship constraints. Final mappings are identified for any relationship tokens that are associated with multiple candidate mappings by identifying which candidate mappings have the lowest cost metrics. An NL query-specific query graph is generated based on the mapping data for the NL query and the logical data model. The query graph represents an NL query-specific version of the logical data model where grammatical dependencies between NL query words are translated to the query graph. A query graph is annotated with information, from the mapping data, that is not represented paths in the query graph. The query graph is used generate a computer-executable translation of the NL query.

公开(公告)号：US20230199026A1

公开(公告)日：2023-06-22

申请号：US17558342

申请日：2021-12-21

Applicant: Oracle International Corporation

Inventor： Valentin Venzin ,  Rhicheek Patra ,  Sungpack Hong ,  Hassan Chafi

IPC: H04L9/40 ,  G06N20/00

CPC classification number: H04L63/1483 ,  H04L63/1425 ,  G06N20/00

Abstract: Herein are graph machine learning explainability (MLX) techniques for invalid traffic detection. In an embodiment, a computer generates a graph that contains: a) domain vertices that represent network domains that received requests and b) address vertices that respectively represent network addresses from which the requests originated. Based on the graph, domain embeddings are generated that respectively encode the domain vertices. Based on the domain embeddings, multidomain embeddings are generated that respectively encode the network addresses. The multidomain embeddings are organized into multiple clusters of multidomain embeddings. A particular cluster is detected as suspicious. In an embodiment, an unsupervised trained graph model generates the multidomain embeddings. Based on the clusters of multidomain embeddings, feature importances are unsupervised trained. Based on the feature importances, an explanation is automatically generated for why an object is or is not suspicious. The explained object may be a cluster or other batch of network addresses or a single network address.

公开(公告)号：US11675785B2

公开(公告)日：2023-06-13

申请号：US16778668

申请日：2020-01-31

Applicant: ORACLE INTERNATIONAL CORPORATION

Inventor： Vasileios Trigonakis ,  Tomas Faltin ,  Jean-Pierre Lozi ,  Vlad Ioan Haprian ,  Sungpack Hong ,  Hassan Chafi

IPC: G06F16/2452 ,  G06F16/2458

CPC classification number: G06F16/24526 ,  G06F16/2471

Abstract: Techniques are described for enabling in-memory execution of any-sized graph data query by utilizing both depth first search (DFS) principles and breadth first search (BFS) principles to control the amount of memory used during query execution. Specifically, threads implementing a graph DBMS switch between a BFS mode of data traversal and a DFS mode of data traversal. For example, when a thread detects that there are less than a configurable threshold number of intermediate results in memory, the thread enters BFS-based traversal techniques to increase the number of intermediate results in memory. When the thread detects that there are at least the configurable threshold number of intermediate results in memory, the thread enters DFS mode to produce final results, which generally works to move the intermediate results that are currently available in memory to final query results, thereby reducing the number of intermediate results in memory.

公开(公告)号：US11456946B2

公开(公告)日：2022-09-27

申请号：US16899185

申请日：2020-06-11

Applicant: Oracle International Corporation

Inventor： Petar Tonkovic ,  Vasileios Trigonakis ,  Tomas Faltin ,  Sungpack Hong ,  Hassan Chafi

IPC: H04L45/00 ,  G06F9/54 ,  G06F16/901 ,  H04L47/122

Abstract: A pattern matching engine interprets a query into a data structure resembling a finite state machine. Vertices in the query pattern are treated as states or stages, while edges connecting them are treated as state transitions or hops. To match the full pattern, the first stage is first matched by applying vertex filters, if any. If the vertex is eligible, its edges that satisfy the edge filters, if any, are followed to move to the neighbors that can potentially produce results, thus progressing to the next stage. This process is repeated; if all stages are matched, then the whole pattern has been matched successfully.