Patent classifications
G06F2201/865
Anomaly detection in real-time multi-threaded processes on embedded systems and devices using hardware performance counters and/or stack traces
An aspect of behavior of an embedded system may be determined by (a) determining a baseline behavior of the embedded system from a sequence of patterns in real-time digital measurements extracted from the embedded system; (b) extracting, while the embedded system is operating, real-time digital measurements from the embedded system; (c) extracting features from the real-time digital measurements extracted from the embedded system while the embedded system was operating; and (d) determining the aspect of the behavior of the embedded system by analyzing the extracted features with respect to features of the baseline behavior determined.
Dynamic distributed tracing instrumentation in a microservice architecture
A tracing operation is initiated on a service, wherein the service comprises a plurality of method calls. A span is generated comprising timing information associated with the service, wherein the span comprises a plurality of nested spans associated with the plurality of method calls. A determination is made as to whether one or more method calls of the plurality of method calls are causing the service to underperform in view of the plurality of nested spans. In response to determining that the one or more method calls of the plurality of method calls are causing the service to underperform, a remedial action associated with the one or more method calls is performed.
CONTROL STATE PRESERVATION DURING TRANSACTIONAL EXECUTION
A method includes saving a control state for a processor in response to commencing a transactional processing sequence, wherein saving the control state produces a saved control state. The method also includes permitting updates to the control state for the processor while executing the transactional processing sequence. Examples of updates to the control state include key mask changes, primary region table origin changes, primary segment table origin changes, CPU tracing mode changes, and interrupt mode changes. The method also includes restoring the control state for the processor to the saved control state in response to encountering a transactional error during the transactional processing sequence. In some embodiments, saving the control state comprises saving the current control state to memory corresponding to internal registers for an unused thread or another level of virtualization. A corresponding computer system and computer program product are also disclosed herein.
AUTOMATIC TUNING OF A HETEROGENEOUS COMPUTING SYSTEM
The present invention provides a method of configuring program parameters during run-time of a computing program for computation in a heterogeneous computing system. A compile program is processed in an autotuning system to optimize the parameters of an application for processing in a heterogeneous system comprising, for example, CPU and GPU cores.
METHOD FOR GENERATING TOPOLOGY DIAGRAM, ANOMALY DETECTION METHOD, DEVICE, APPARATUS, AND STORAGE MEDIUM
Provided are a method and apparatus for generating a topological graph, an anomaly detection method and apparatus, a device and a storage medium. The method for generating a topological graph includes acquiring a preset event stream, where the preset event stream corresponds to a normal log execution path; determining a dependent event pair in the preset event stream; determining a range of a transfer interval corresponding to the dependent event pair, where a transfer interval represents the time difference between adjacent occurrences of two events in the dependent event pair; and generating an event topological graph according to the range of the transfer interval and the transfer probability corresponding to the dependent event pair, where the transfer probability represents the conditional probability between the two events in the dependent event pair.
IDENTIFIERS OF CRASH EVENT WORK ITEMS
In some examples, a system comprises a network interface; a storage device comprising machine-readable instructions; and a processor coupled to the network interface, the processor to access the storage device, wherein execution of the machine-readable instructions causes the processor to: collect crash event data; categorize the crash event data by an application executing when the crash event occurred; identify a crash event corresponding to the crash event data; create an identifier for the crash event; compare the identifier of the crash event to a list of work items, wherein each work item has an identifier; and update the list of work items based on the comparison.
Causality determination of upgrade regressions via comparisons of telemetry data
Disclosed herein is a system for automating the causality detection process when upgrades are deployed to different resources that provide a service. The resources can include physical and/or virtual resources (e.g., processing, storage, and/or networking resources) that are divided into different, geographically dispersed, resource units. To determine whether a root cause of a problem is associated with an upgrade event that has recently been deployed, a system is configured to use telemetry data to compute an upgrade-to-upgrade score that represents differences between two different upgrade events that are deployed to the same resource unit. The system is further configured to use telemetry data to compute an upgrade unit-to-unit score that represents differences between the same upgrade event being deployed to two different resource units. The scores can be used to output an alert, for an analyst, that signals whether a recently deployed upgrade event is the cause of a problem.
Detecting application events based on encoding application log values
An encoder receives an application log file including component values and encodes the component values into lists of preliminary encoded values. The lists of preliminary encoded values are combined into a combined list of preliminary encoded values. An encoder-decoder neural network is trained to encode the combined list of preliminary encoded values into a list of collectively encoded values, to decode the list of collectively encoded values into a list of decoded values, and to optimize a metric measuring the encoder-decoder neural network's functioning, in response to receiving the combined list of preliminary encoded values. The trained encoder-decoder neural network receives combined lists of preliminary encoded values for application log files and encodes the combined lists of preliminary encoded values into lists of collectively encoded values. The lists of collectively encoded values are sent to a detector, thereby enabling the detector to detect an application event associated with the application log files.
Automated malware monitoring and data extraction
A malware monitoring method includes: obtaining a malware sample; extracting operational parameters corresponding to the malware sample; configuring an emulator application corresponding to the malware sample using the operational parameters; executing a plurality of instances of the configured emulator application; collecting output data from each of the plurality of instances; and generating indicators of compromise (IOCs) based on the collected output data.
Mathematical models of graphical user interfaces
A graph model of a graphical user interface (GUI) may be generated by processing usage data of the GUI where the usage data comprises sequences of GUI pages and actions between GUI pages. The nodes of the graph model may be determined by obtaining GUI pages from the usage data, identifying dynamic GUI elements in the GUI pages, generating canonical GUI pages by modifying the GUI pages using the dynamic GUI elements, and creating graph nodes using the canonical GUI pages. The edges of the graph may be determined by processing actions from the GUI data that were performed by users to transition from one GUI page to another GUI page. The graph model of the GUI may be used for any appropriate application, such as determining statistics relating to the GUI or statistics relating to individual users of the GUI.