×

Low-complexity detection of potential network anomalies using intermediate-stage processing

  • US 10,601,849 B2
  • Filed: 08/24/2017
  • Issued: 03/24/2020
  • Est. Priority Date: 08/24/2017
  • Status: Active Grant
First Claim
Patent Images

1. A computer implemented method, comprising:

  • receiving flow data for a network flow;

    parsing the flow data into a plurality of time buckets;

    extracting a plurality of tuples describing the flow data, the tuple comprising a time duration of the network flow and information identifying an amount of data transmitted during the flow;

    calculating a long-term trend based at least in part on at least a first tuple and two or more time buckets of the plurality of time buckets including assigning the first tuple to a long-term cluster of a plurality of long-term clusters;

    calculating a short-term trend based at least in part on a second tuple and a most recent time bucket of the plurality of time buckets including assigning the second tuple to a short-term cluster of a plurality of short-term clusters;

    determining that the short-term trend diverges from the long-term trend to detect a potential network anomaly by determining that a percentage of tuples in a short-term cluster relative to other short-term clusters is significantly more than a percentage of tuples in a long-term cluster, corresponding to the short-term cluster, relative to other long-term clusters; and

    when the potential network anomaly is detected, initiating a heavy hitter detection algorithm.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×