G06F9/545

Unified event processing and log management over multiple domains
11544124 · 2023-01-03

A computer-implemented method of providing unified event monitoring and log processing is disclosed. The method comprises receiving streaming event data comprising a plurality of event entries from a plurality of domains including a cloud manager for a cloud platform and an application running within a container on the cloud platform; processing the streaming event data into a normalized, domain-independent format; evaluating a plurality of policy rules on the streaming event data, wherein the plurality of policy rules is defined with a unified syntax; and in response to the evaluating satisfying a condition of a first rule of the plurality of policy rules, transmitting to a remote device data related to an action defined in the first rule, wherein the receiving, processing, evaluating, and transmitting for each event entry for the plurality of event entries are performed in real time.

Reduction mode of planar engine in neural processor

Embodiments relate to a neural processor that includes one or more neural engine circuits and planar engine circuits. The neural engine circuits can perform convolution operations of input data with one or more kernels to generate outputs. The planar engine circuit is coupled to the plurality of neural engine circuits. A planar engine circuit can be configured to multiple modes. In a reduction mode, the planar engine circuit may process values arranged in one or more dimensions of input to generate a reduced value. The reduced values across multiple input data may be accumulated. The planar engine circuit may program a filter circuit as a reduction tree to gradually reduce the data into a reduced value. The reduction operation reduces the size of one or more dimensions of a tensor.

Efficiently performing intrusion detection

Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity. For instance, in some embodiments, the IDS engine identifies one rule in the identified subset of IDS rules as matching the received data message, and then processes this rule to determine whether the data message is associated with an intrusion.

DATA PROCESSING SYSTEM, DATA PROCESSING METHOD, AND DATA PROCESSING PROGRAM
20220405103 · 2022-12-22

A data processing system comprising: a first information processing device and a second information processing device, the second information processing device including: a second memory; and a second processor coupled to the second memory and the second processor configured to: convert a first identifier included in a first processing request from the first information processing device into a reversibly convertible first conversion identifier in response to receiving the first processing request; transmit the first processing request including the converted first conversion identifier to another information processing system; reconvert, in response to receiving a first execution result of a process corresponding to the first processing request, the first conversion identifier included in the first execution result into the first identifier; and transmit the first execution result including the reconverted first identifier and the first conversion identifier to the first information processing device.

PARALLEL CONTEXT SWITCHING FOR INTERRUPT HANDLING

Disclosed are various embodiments for decreasing the amount of time spent processing interrupts by switching contexts in parallel with processing an interrupt. An interrupt request can be received during execution of a process in a less privileged user mode. Then, the current state of the process can be saved. Next, a switch from the less privileged mode to a more privileged mode can be made. The interrupt request is then processed while in the more privileged mode. Subsequently or in parallel, and possibly prior to completion of the processing of the interrupt request, another switch from the more privileged mode to the less privileged mode can be made.

HYBRID LINUX BOOTUP USING NETWORK BOOT, RAM BOOT, AND DISK BOOT
20220398104 · 2022-12-15

Disclosed herein are network elements for use in a transport network and methods of using the same. The network elements may comprise an embedded device having a processor, a communication device in communication with the processor, a first memory, a second memory, and a third memory. The third memory may store a hybrid boot sequence comprising computer-executable instructions that when executed by the processor of the embedded device cause the embedded device to: determine whether a first kernel image is stored on the first memory; responsive to the determination that the first kernel image is not stored on the first memory, obtain a second kernel image stored on a remote network element; store at least one of the first kernel image and the second kernel image on the second memory as a primary kernel image; and boot the primary kernel image stored on the second memory.

Generating User-Specific Polygraphs For Network Activity

Generating user-specific polygraphs for network activity, including: gathering information describing network activity associated with a user and generating, based on the information, a user-specific polygraph that includes one or more destinations associated with the network activity.

Dynamically binding data in an application

In a method for dynamically binding data in an application, an expression describing a relation between a first property of a first data of the application to a first property of a second data of the application is received. A binding is created between the first data and the second data based on the relation. A change is propagated to the first property of the second data based on a change to the first property of the first data. The receiving the expression and the creating the binding are repeated to create a plurality of bindings based on a plurality of expressions, and the receiving the expression and the creating the binding occur dynamically during an execution of the application.

Method and Apparatus for Generating Operator

A method and apparatus for generating an operator are provided. The method includes: constructing a group of basic application programming interfaces for providing one of the following basic functions: an access function, a storage function, and a computing function; constructing a kernel application programming interface for invoking the basic application programming interfaces to implement an operator logic; and generating a target kernel operator based on the group of basic application programming interfaces and the kernel application programming interface.

MANAGEMENT OF CONTEXTUAL INFORMATION FOR DATA
20220391355 · 2022-12-08

A method performed by a computing system includes executing an application, using a data call to an Application Programming Interface, the data call requesting access to a file stored on a storage system associated with the computing system, with a context extraction module, determining contextual information associated with the data call, through use of a library, causing a kernel to access the file according to the data call, storing the contextual information on the storage system, and performing an analysis on the contextual information, the analysis including determining an average size of a call stack when the data was accessed.