Statistical analysis of network behavior using event vectors to identify behavioral anomalies using a composite score
US12341792B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 19, 2022 |
| Grant date | Jun 24, 2025 |
| Priority date | — |
| Expiry date | Dec 31, 2042 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1416
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Examples of the present disclosure describe systems and methods for identifying anomalous network behavior. In aspects, a network event may be observed network sensors. One or more characteristics may be extracted from the network event and used to construct an evidence vector. The evidence vector may be compared to a mapping of previously-identified events and/or event characteristics. The mapping may be represented as one or more clusters of expected behaviors and anomalous behaviors. The mapping may be modeled using analytic models for direction detection and magnitude detection. One or more centroids may be identified for each of the clusters. A “best fit” may be determined and scored for each of the analytic models. The scores may be fused into single binocular score and used to determine whether the evidence vector is likely to represent an anomaly.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.