User assistance coordination in anomaly detection
First Claim
Patent Images
1. A method comprising:
- receiving, at a device in a network, feedback regarding an anomaly reporting mechanism used by the device to report network anomalies detected by a plurality of distributed learning agents to a user interface, wherein the feedback includes information about how the network anomalies are reported by the anomaly reporting mechanism;
determining, by the device, an anomaly assessment rate at which a user of the user interface is expected to assess reported anomalies based in part on the feedback;
receiving, at the device, an anomaly notification regarding a particular anomaly detected by a particular one of the distributed learning agents;
dynamically adjusting, by the device, a number of anomalies reported to the user interface based on the determined anomaly assessment rate, wherein the determined anomaly assessment rate is an inference made by a machine learning model based on a behavior of a user and the feedback, wherein the anomaly reporting mechanism is adjusted rather than a classifier on the plurality of distributed learning agents; and
reporting, by the device and via the anomaly reporting mechanism, the particular anomaly to the user interface according to the adjustment.
1 Assignment
0 Petitions
Accused Products
Abstract
In one embodiment, a device in a network receives feedback regarding an anomaly reporting mechanism used by the device to report network anomalies detected by a plurality of distributed learning agents to a user interface. The device determines an anomaly assessment rate at which a user of the user interface is expected to assess reported anomalies based in part on the feedback. The device receives an anomaly notification regarding a particular anomaly detected by a particular one of the distributed learning agents. The device reports, via the anomaly reporting mechanism, the particular anomaly to the user interface based on the determined anomaly assessment rate.
24 Citations
20 Claims
-
1. A method comprising:
-
receiving, at a device in a network, feedback regarding an anomaly reporting mechanism used by the device to report network anomalies detected by a plurality of distributed learning agents to a user interface, wherein the feedback includes information about how the network anomalies are reported by the anomaly reporting mechanism; determining, by the device, an anomaly assessment rate at which a user of the user interface is expected to assess reported anomalies based in part on the feedback; receiving, at the device, an anomaly notification regarding a particular anomaly detected by a particular one of the distributed learning agents; dynamically adjusting, by the device, a number of anomalies reported to the user interface based on the determined anomaly assessment rate, wherein the determined anomaly assessment rate is an inference made by a machine learning model based on a behavior of a user and the feedback, wherein the anomaly reporting mechanism is adjusted rather than a classifier on the plurality of distributed learning agents; and reporting, by the device and via the anomaly reporting mechanism, the particular anomaly to the user interface according to the adjustment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising:
-
adding, by a device in a network and to a training data set, feedback regarding an anomaly reporting mechanism used by the device to report network anomalies detected by a plurality of distributed learning agents to a user interface, wherein the feedback includes information about how the network anomalies are reported by the anomaly reporting mechanism; training, by the device, a machine learning-based classifier using the training data set to determine a relevancy for a detected anomaly; determining, by the device, a relevancy for a particular anomaly detected by a particular one of the distributed learning agents; dynamically adjusting, by the device, a number of anomalies reported to the user interface the determined relevancy, wherein the determined relevancy is an inference made by a machine learning model based on a behavior of a user and the feedback, wherein the anomaly reporting mechanism is adjusted rather than a classifier on the plurality of distributed learning agents; and reporting, by the device and via the anomaly reporting mechanism, the particular anomaly to the user interface according to the adjustment. - View Dependent Claims (10, 11, 12)
-
-
13. An apparatus, comprising:
-
one or more network interfaces to communicate with a network; a processor coupled to the network interfaces and configured to execute one or more processes; and a memory configured to store a process executable by the processor, the process when executed operable to; receive feedback regarding an anomaly reporting mechanism used by the apparatus to report network anomalies detected by a plurality of distributed learning agents to a user interface, wherein the feedback includes information about how the network anomalies are reported by the anomaly reporting mechanism; determine an anomaly assessment rate at which a user of the user interface is expected to assess reported anomalies based in part on the feedback; receive an anomaly notification regarding a particular anomaly detected by a particular one of the distributed learning agents; dynamically adjust a number of anomalies reported to the user interface based on the determined anomaly assessment rate, wherein the determined anomaly assessment rate is an inference made by a machine learning model based on a behavior of a user and the feedback, wherein the anomaly reporting mechanism is adjusted rather than a classifier on the plurality of distributed learning agents; and report, via the anomaly reporting mechanism, the particular anomaly to the user interface according to the adjustment. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification