公开(公告)号：US20220284056A1

公开(公告)日：2022-09-08

申请号：US17194165

申请日：2021-03-05

Applicant: Oracle International Corporation

Inventor： Damien Hilloulin ,  Vasileios Trigonakis ,  Alexander Weld ,  Valentin Venzin ,  Sungpack Hong ,  Hassan Chafi

IPC: G06F16/901 ,  G06F16/22

Abstract: Techniques are provided for updating in-memory property graphs in a fast manner, while minimizing memory consumption. A graph is represented as delta compressed sparse rows (CSR), in which its data structure stores forward edge offsets that map reverse edges to forward edges, enabling fast traversals of graph edges in forward and reverse directions. To support fast graph updates, delta logs are used to store changes to the graph. In an embodiment, a base version of the graph data structure is initially loaded or created, and subsequent versions of the graph are created from the reference to the initial graph and a delta log data structure that records the changes compared to the base version of the graph.

公开(公告)号：US12184692B2

公开(公告)日：2024-12-31

申请号：US17558342

申请日：2021-12-21

Applicant: Oracle International Corporation

Inventor： Valentin Venzin ,  Rhicheek Patra ,  Sungpack Hong ,  Hassan Chafi

IPC: H04L9/40 ,  G06N20/00

Abstract: Herein are graph machine learning explainability (MLX) techniques for invalid traffic detection. In an embodiment, a computer generates a graph that contains: a) domain vertices that represent network domains that received requests and b) address vertices that respectively represent network addresses from which the requests originated. Based on the graph, domain embeddings are generated that respectively encode the domain vertices. Based on the domain embeddings, multidomain embeddings are generated that respectively encode the network addresses. The multidomain embeddings are organized into multiple clusters of multidomain embeddings. A particular cluster is detected as suspicious. In an embodiment, an unsupervised trained graph model generates the multidomain embeddings. Based on the clusters of multidomain embeddings, feature importances are unsupervised trained. Based on the feature importances, an explanation is automatically generated for why an object is or is not suspicious. The explained object may be a cluster or other batch of network addresses or a single network address.

公开(公告)号：US20230199026A1

公开(公告)日：2023-06-22

申请号：US17558342

申请日：2021-12-21

Applicant: Oracle International Corporation

Inventor： Valentin Venzin ,  Rhicheek Patra ,  Sungpack Hong ,  Hassan Chafi

IPC: H04L9/40 ,  G06N20/00

CPC classification number: H04L63/1483 ,  H04L63/1425 ,  G06N20/00

Abstract: Herein are graph machine learning explainability (MLX) techniques for invalid traffic detection. In an embodiment, a computer generates a graph that contains: a) domain vertices that represent network domains that received requests and b) address vertices that respectively represent network addresses from which the requests originated. Based on the graph, domain embeddings are generated that respectively encode the domain vertices. Based on the domain embeddings, multidomain embeddings are generated that respectively encode the network addresses. The multidomain embeddings are organized into multiple clusters of multidomain embeddings. A particular cluster is detected as suspicious. In an embodiment, an unsupervised trained graph model generates the multidomain embeddings. Based on the clusters of multidomain embeddings, feature importances are unsupervised trained. Based on the feature importances, an explanation is automatically generated for why an object is or is not suspicious. The explained object may be a cluster or other batch of network addresses or a single network address.