Systems and methods of network security anomaly detection

Assignee

• L3Harris Technologies, Inc. · US

Inventors

• Mark Rahmes · Melbourne, US
• Kevin Fox · Palm Bay, US
• Robert Konczynski · Melbourne, US
• Ziad Chaudhry · Melbourne, US
• Kusay Rukieh · Seffner, US
• Jody Flieder · West Melbourne, US
• Macaulay Osaisai · Rockledge, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1416
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Network security anomaly detection systems and methods include a processor, in communication with the network, receiving network device status information. A variational autoencoder receives the device status information, optimizes the device status information, and determines whether the device status information qualifies as an anomaly. Optimized device status information is compared to either non-anomalous or anomalous device status data in a latent space of the variational autoencoder. The latent space preferably includes an n-D point scatter plot and hidden vector values. The processor optimizes the device status information by generating a plurality of probabilistic models of the device status information and determining which of the plurality of models is optimal. A game theoretic optimization is applied to the plurality of models, and the best model is used to generate the n-D point scatter plot in latent space. An image gradient sobel edge detector preprocesses the device status information prior to optimization.