&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12118077.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,118,077 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Feature extraction and time series anomaly detection over dynamic graphs</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Miriam Hanna Manevitz,  Tel Aviv (IL);  Liat Ben Porat Roda,  Tel Aviv (IL);  Or Basson,  Tel Aviv (IL);  Aviv Ben Arie,  Tel Aviv (IL); and  Hagai Fine,  Tel Aviv (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Intuit Inc.,  Mountain View, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Intuit Inc.,  Mountain View, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jan.  21, 2021, as Appl. No. 17/154,293.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0229903 A1, Jul.  21, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06F 16/901</b></i> (2019.01); <i><b>G06F 17/16</b></i> (2006.01); <i><b>G06F 21/55</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/552</b></i> (2013.01)&#xa0;[<i><b>G06F 16/9027</b></i> (2019.01); <i><b>G06F 17/16</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01); <i>G06F 2221/034</i> (2013.01); <i>G06F 2221/2101</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12118077-20241015-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method of detecting network security anomalies from dynamic graph data comprising:<div class="claim_text">receiving, by a processor, data including a plurality of graph snapshots for a plurality of consecutive periodic time samples, the data including a mapping between connected components in consecutive graph snapshots and describing at least one feature of each connected component, the mapping between the connected components including nodes representing entities in at least one computer network and edges representing relationships between the entities in the at least one computer network;</div>
                <div class="claim_text">recursively building, by the processor, a tree tracking an evolution of one of the connected components through the plurality of graph snapshots, the tree including a root node representing the connected component at a final one of the consecutive periodic time samples and a plurality of leaf nodes branching from the root node;</div>
                <div class="claim_text">extracting, by the processor, a plurality of paths from the tree, wherein each path is extracted by traversing the tree from the root node to one of the plurality of leaf nodes and each path contains data describing an evolution of a respective one of the connected components through time as indicated by evolution of the at least one feature of the respective one of the connected components;</div>
                <div class="claim_text">converting, by the processor, the dynamic graph data into time-series data compatible with a time series anomaly detection algorithm, by converting each of the plurality of paths into a respective numerical vector of a plurality of numerical vectors, the time series data tracking a change in the plurality of paths over time; and</div>
                <div class="claim_text">executing, by the processor, the time series anomaly detection algorithm on the plurality of numerical vectors, thereby detecting, based on the change in the plurality of paths over time, at least one security anomaly in the at least one computer network in communication with the processor.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>