Our team developed a novel anomaly detection system that monitors the processes on the user's machine and identifies abnormal behavior. The system uses patent-protected mathematical algorithms and is distributed as freeware.
This system protects the machine by keeping the overall performance optimal - it makes sure that all processes behave normally without causing problems that may affect the resources of the machine - for example, hogging the network bandwidth, excessive resource usage (disk, memory, CPU) and more.
Our idea is that by combining our tools with the public knowledge the users have, we can improve the tools and create better methods that are constantly updated.
This way, users get the system for free, and as they contribute their knowledge, its detection improves over time. The result is a network of knowledge.
How does PerfProtector work?
Once installed on the client machine, PerfProtector starts its short training phase (about 20 minutes). During the training phase, PerfProtector collects and analyzes several statistics from each active process. Then, it builds a normal profile for each process.
At the end of the training phase, PerfProtector switches automatically to the testing phase. During this phase, PerfProtector monitors and analyzes the statistics of each process in real time, looking for deviations from the previously built normal behavior.
These deviations are constantly scored according to their abnormality levels. The user can see the score of each process in real time. The system automatically displays alerts regarding the most problematic processes.
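As an added illustration of the training and testing phases described above (not PerfProtector's code; its patented algorithms are not given on this page), the following example substitutes a simple median/MAD baseline per process and statistic, and groups consecutive abnormal samples into alert records carrying a duration, an overall score and per-statistic scores. The statistic names, threshold, minimum run length and sample values are assumptions constructed for the example.

```python
import statistics

def build_profile(training):
    """Training phase: per process and statistic, store (median, robust scale)."""
    profile = {}
    for proc, samples in training.items():
        profile[proc] = {}
        for stat in samples[0]:
            values = [s[stat] for s in samples]
            med = statistics.median(values)
            mad = statistics.median(abs(v - med) for v in values)
            # Floor the scale so a near-constant statistic cannot divide by zero.
            profile[proc][stat] = (med, max(1.4826 * mad, 0.05 * abs(med), 1e-9))
    return profile

def score(profile, proc, sample):
    """Testing phase: per-statistic deviation scores and the overall (max) score."""
    per_stat = {k: abs(v - profile[proc][k][0]) / profile[proc][k][1]
                for k, v in sample.items()}
    return max(per_stat.values()), per_stat

def detect(profile, stream, threshold=6.0, min_samples=3):
    """Group consecutive abnormal samples of a process into alert records."""
    runs, alerts = {}, []
    def close(proc):
        run = runs.pop(proc, None)
        if run and run["n"] >= min_samples:  # ignore short spikes
            alerts.append({**run, "process": proc, "duration": run["end"] - run["start"]})
    for t, proc, sample in stream:
        if proc not in profile:  # started after training: no baseline to compare
            continue
        overall, per_stat = score(profile, proc, sample)
        if overall < threshold:
            close(proc)
            continue
        run = runs.setdefault(proc, {"start": t, "n": 0, "score": 0.0})
        run["n"], run["end"] = run["n"] + 1, t
        if overall > run["score"]:  # keep the worst sample of the run
            run["score"], run["per_stat"] = overall, per_stat
    for proc in list(runs):  # runs still open when the stream ends
        close(proc)
    return alerts

# Constructed sample data (not real measurements): CPU %, network KB/s.
TRAINING = {"updater.exe": [{"cpu": c, "net": n} for c, n in
    [(2, 10), (3, 12), (2, 11), (4, 9), (3, 10), (2, 13), (3, 11)]]}
STREAM = [(t, "updater.exe", {"cpu": c, "net": n}) for t, (c, n) in enumerate(
    [(3, 11), (3, 900), (4, 950), (3, 870), (2, 12), (40, 10), (3, 11)])]
if __name__ == "__main__":
    print(detect(build_profile(TRAINING), STREAM))
```

On the constructed stream, the three-sample network burst produces one alert, while the single CPU spike is dropped because it does not last for `min_samples` samples.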
In the following image we see a screenshot of the system.
The system presents:
In the upper section - the overall CPU and memory usage
In the middle section - the per-process statistics, including the abnormality score for each process
In the lower section - the log of the major abnormality alerts, including the duration of the abnormal behavior, the overall abnormality score of the anomalous process and individual abnormality scores for each statistic of this process
Then, drawing on the network of knowledge, the system suggests a solution that will improve the performance of the user's machine.
A couple of weeks ago we distributed our beta version of PerfProtector among a group of beta testers.
This was the first time that the system was running simultaneously on users' machines in the US, in Europe and in Asia.
In the following posts, we will describe some interesting events that PerfProtector detected around the world.