Methods, systems and computer program products for detecting flow-level network traffic anomalies via abstraction levels

Assignee

• International Business Machines Corporation · US

Inventors

• Paul T. Hurley · Oberrieden, CH
• Andreas Kind · Hildesheim, DE
• Marc Stoecklin · Basel, CH

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L41/142
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods, systems and computer program products for detecting flow-level network traffic anomalies via abstraction levels. An exemplary embodiment includes a method for detecting flow-level network traffic anomalies in a computer network, the method including obtaining current distributions of flow level traffic features within the computer network, computing distances of the current distributions' components from a distributions model, comparing the distances of the current distributions to distance baselines from the distributions model, determining if the distances are above a pre-determined thresholds and in response to one or more of the distances being above the pre-determined thresholds in one or more distributions, identifying the current condition to be abnormal and providing indications to its nature.