US 12,353,309 B2
Systems and methods for anomaly detection on resource activity logs
Eden Meyuhas, Holon (IL)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on Oct. 24, 2023, as Appl. No. 18/493,436.
Prior Publication US 2025/0130910 A1, Apr. 24, 2025
Int. Cl. G06F 15/173 (2006.01); G06F 11/30 (2006.01); G06F 11/32 (2006.01)
CPC G06F 11/3006 (2013.01) [G06F 11/327 (2013.01)]
18 Claims
 
1. A method comprising steps of:
collecting resource activity data at a cloud edge via in-line real time monitoring from a plurality of resources in a cloud environment, the resource activity data including information related to a plurality of events associated with the plurality of resources in the cloud environment;
aggregating and performing one or more calculations on the resource activity data to represent the plurality of resources in vector form, wherein the aggregating is performed via a supervised Machine Learning (ML) model and includes grouping the plurality of events into a plurality of triples, wherein each of the plurality of triples includes 3 events executed by a resource of the plurality of resources in sequence;
determining a probability of a sequence of events to be executed by a resource of the plurality of resources based on the vector form of the resource; and
determining an anomaly score for the sequence of events being executed by the resource based on the probability.
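
A simplified illustration of the steps in claim 1, added here and not taken from the patent or from Zscaler. It swaps the claimed supervised ML model for plain Laplace-smoothed triple counts, and it assumes sliding-window triples, a mean negative-log anomaly score, and constructed resource and event names.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log: (resource, event) in time order. Not real data.
LOG = [
    ("vm-a", "Login"), ("vm-a", "ListBuckets"), ("vm-a", "GetObject"),
    ("vm-a", "Login"), ("vm-a", "ListBuckets"), ("vm-a", "GetObject"),
    ("vm-a", "Login"), ("vm-a", "ListBuckets"), ("vm-a", "GetObject"),
    ("fn-b", "Invoke"), ("fn-b", "PutObject"), ("fn-b", "Invoke"),
    ("fn-b", "PutObject"), ("fn-b", "Invoke"),
]

def triples(events):
    """Sliding windows of 3 consecutive events (assumed windowing)."""
    return [tuple(events[i:i + 3]) for i in range(len(events) - 2)]

def build_vectors(log):
    """Per-resource triple counts: the resource's 'vector form' here."""
    per_resource = defaultdict(list)
    for resource, event in log:
        per_resource[resource].append(event)
    return {r: Counter(triples(ev)) for r, ev in per_resource.items()}

def sequence_probability(vectors, resource, events, alpha=1.0):
    """Product of Laplace-smoothed triple probabilities for this resource."""
    vocab = {t for vec in vectors.values() for t in vec}
    vec = vectors.get(resource, Counter())
    total = sum(vec.values())
    size = len(vocab) + 1          # one extra slot for never-seen triples
    prob = 1.0
    for t in triples(events):
        prob *= (vec[t] + alpha) / (total + alpha * size)
    return prob

def anomaly_score(vectors, resource, events):
    """Mean negative log-probability per triple; higher = more unusual."""
    n = len(triples(events))
    if n == 0:
        raise ValueError("need at least 3 events to form a triple")
    return -math.log(sequence_probability(vectors, resource, events)) / n

VECTORS = build_vectors(LOG)
```

Scoring a sequence the resource has produced before against one it has never produced shows the ranking: the unseen triple receives only the smoothing mass and therefore the higher score.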