&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11916934.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,916,934 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Identifying malware-suspect end points through entropy changes in consolidated logs</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Peter Thayer,  Santa Clara, CA (US);  Gabriel G. Infante-Lopez,  Cordoba (AR);  Leandro J. Ferrado,  Cordoba (AR); and  Alejandro Houspanossian,  Cordoba (AR)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  MUSARUBRA US LLC,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Musarubra US LLC,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on May   16, 2022, as Appl. No. 17/745,366.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/745,366 is a continuation of application No. 16/588,642, filed on Sep.  30, 2019, granted, now 11,336,665.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 16/588,642 is a continuation of application No. 15/476,212, filed on Mar.  31, 2017, granted, now 10,440,037, issued on Oct.  8, 2019.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0353280 A1, Nov.  3, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06N 20/00</b></i> (2019.01); <i><b>G06N 20/20</b></i> (2019.01); <i><b>G06N 7/01</b></i> (2023.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1416</b></i> (2013.01)&#xa0;[<i><b>G06N 20/00</b></i> (2019.01); <i><b>H04L 63/145</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01); <i>G06N 7/01</i> (2023.01); <i>G06N 20/20</i> (2019.01)]</td>
            <td class="table_data" align="right"><b>17 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11916934-20240227-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">13. A method comprising:<div class="claim_text">processing, by executing an instructions with at least one processor, monitored log entries associated with a plurality of monitored devices to determine measurements associated with the monitored devices, the measurements including ones of a first type of entropy value and ones of a second type of entropy value associated respectively with the monitored devices, the ones of the first type of entropy value based on respective numbers of unique event identifiers included in respective groups of the monitored log entries associated respectively with the monitored devices, a first one of the second type of entropy value based on (i) a number of unique event identifiers included in a first one of the groups of the monitored log entries associated with a first one of the monitored devices and (ii) a total number of log entries included in the first one of the groups of the monitored log entries associated with the first one of the monitored devices;</div>
                <div class="claim_text">determining, based on the measurements and a machine learning algorithm, whether the first one of the monitored devices is compromised; and</div>
                <div class="claim_text">quarantining the first one of the monitored devices in response to a determination that the first one of the monitored devices is compromised.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>