Abstract: The disclosed embodiments relate to a technique for training a prognostic pattern-recognition system to detect incipient anomalies that arise during execution of a computer system. During operation, the system gathers and stores telemetry data obtained from n sensors in the computer system during operation of the computer system. Next, the system uses the telemetry data gathered from the n sensors to train a baseline model for the prognostic pattern-recognition system. The prognostic pattern-recognition system then uses the baseline model in a surveillance mode to detect incipient anomalies that arise during execution of the computer system. The system also uses the stored telemetry data to train a set of additional models, wherein each additional model is trained to operate with one or more missing sensors. Finally, the system stores the additional models to be used in place of the baseline model when one or more sensors fail in the computer system.

Abstract: The disclosed embodiments relate to a system that performs an intrusion-detection technique to differentiate between packets received from malicious remote users and legitimate local users in a networked computer system. During operation, the system determines arrival times for incoming packets at a node in the networked computer system. Next, the system determines inter-arrival times between the incoming packets from the arrival times. The system then determines a mean cumulative function (MCF) for the inter-arrival times by computing a cumulative sum of the inter-arrival times. Finally, upon detecting a change in a slope of the MCF, the system generates an alarm to indicate that a malicious remote user may be generating some of the incoming packets.

Abstract: The disclosed embodiments relate to a technique for training a prognostic pattern-recognition system to detect incipient anomalies that arise during execution of a computer system. During operation, the system gathers and stores telemetry data obtained from n sensors in the computer system during operation of the computer system. Next, the system uses the telemetry data gathered from the n sensors to train a baseline model for the prognostic pattern-recognition system. The prognostic pattern-recognition system then uses the baseline model in a surveillance mode to detect incipient anomalies that arise during execution of the computer system. The system also uses the stored telemetry data to train a set of additional models, wherein each additional model is trained to operate with one or more missing sensors. Finally, the system stores the additional models to be used in place of the baseline model when one or more sensors fail in the computer system.

Abstract: According to some embodiments, the workgroup divisibility requirement may be dispensed with on a selective or permanent basis, i.e. in all cases, particular cases or at particular times and/or under particular conditions. An application programming interface implementation may be allowed to launch workgroups with non-uniform local sizes. Two different local sizes may be used in a case of a one-dimensional workload.

Abstract: The disclosed embodiments relate to a system that performs an intrusion-detection technique to differentiate between packets received from malicious remote users and legitimate local users in a networked computer system. During operation, the system determines arrival times for incoming packets at a node in the networked computer system. Next, the system determines inter-arrival times between the incoming packets from the arrival times. The system then determines a mean cumulative function (MCF) for the inter-arrival times by computing a cumulative sum of the inter-arrival times. Finally, upon detecting a change in a slope of the MCF, the system generates an alarm to indicate that a malicious remote user may be generating some of the incoming packets.

Abstract: According to some embodiments, the workgroup divisibility requirement may be dispensed with on a selective or permanent basis, i.e. in all cases, particular cases or at particular times and/or under particular conditions. An application programming interface implementation may be allowed to launch workgroups with non-uniform local sizes. Two different local sizes may be used in a case of a one-dimensional workload.