Computerized high-speed anomaly detection
US11663067B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 15, 2017 |
| Grant date | May 30, 2023 |
| Priority date | — |
| Expiry date | Feb 21, 2041 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06N20/00
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Embodiments of the invention include a computer-implemented method for detecting anomalies in non-stationary data in a network of computing entities. The method collects non-stationary data in the network and classifies the non-stationary data according to a non-Markovian, stateful classification, based on an inference model. Anomalies can then be detected, based on the classified data. The non-Markovian, stateful process allows anomaly detection even when no a priori knowledge of anomaly signatures or malicious entities exists. Anomalies can be detected in real time (e.g., at speeds of 10-100 Gbps) and the network data variability can be addressed by implementing a detection pipeline to adapt to changes in traffic behavior through online learning and retain memory of past behaviors. A two-stage scheme can be relied upon, which involves a supervised model coupled with an unsupervised model.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.