Cluster-based outlier scoring of network traffic

Assignee

• International Business Machines Corporation · US

Inventors

• Yair Allouche · Afula, IL
• Aviad Cohen · Netanya, IL
• Ravid Sagy · Givatayim, IL
• Ofer Haim Biller · Sde Boker, IL
• Eitan Farchi · Pardes Hana-Karkur, IL

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N20/00
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

In some examples, a system for decorating network traffic flows with outlier scores includes a processor and a memory device to store traffic flows received from a network. The processor is configured to receive a set of traffic flows from the memory device and generate a tree model to split the traffic flows into clusters of traffic flows. Each cluster corresponds with a leaf of the tree model. The processor is further configured to generate machine learning models for each of the clusters of traffic flows separately. For a new traffic flow, the processor is configured to identify a specific one of the machine learning models that corresponds with the new traffic flow, compute an outlier score for the new traffic flow using the identified specific one of the machine learning models, and decorate the new traffic flow with the outlier score.