DETECTING FLOW ANOMALIES
Abstract
An example method can include receiving network data related to a distributed system. A statistical model of the distributed system based on the network data can be employed to determine a statistical deviation of a given flow of information through a portion of the distributed system. A number of statistically deviated flows connected to the given flow can be determined based on a context of the distributed system. A determination can be made if the given flow is an anomaly based on the number of statistically deviated flows connected to the given flow.
15 Claims
1. A method, comprising:
receiving, by a system comprising a non-transitory memory and a processing resource, network data related to a distributed system;
employing, by the system, a statistical model of the distributed system based on the network data to determine a statistical deviation of a given flow of information through a portion of the distributed system;
determining, by the system, a number of statistically deviated flows connected to the given flow based on a context of the distributed system; and
determining, by the system, if the given flow is an anomaly based on the number of statistically deviated flows connected to the given flow.
10. A non-transitory computer readable medium to store machine readable instructions that when accessed and executed by a processing resource cause a computing device to perform operations, the operations comprising:
receiving network data comprising source points and end points of a plurality of flows that propagate through different nodes distributed throughout a network;
employing a statistical model of the network based on the network data to determine a statistical deviation of a given flow of the plurality of flows in a distributed system;
determining a number of statistically deviated flows from the plurality of flows connected to the given flow;
determining, if the given flow is an anomaly based on the number of statistically deviated flows connected to the given flow, a strength of the anomaly; and
outputting the strength of the anomaly and a location of the anomaly in the distributed system.
15. An anomaly detection system, comprising:
a non-transitory memory to store machine readable instructions; and
a processing resource to access the memory and execute the machine readable instructions, the machine-readable instructions comprising:
a receiver to receive network data comprising source points and end points of a plurality of flows in a distributed system;
a statistical model component to employ a statistical model of the distributed system based on the network data to determine a statistical deviation of a flow of the plurality of flows;
a statistically deviated flow component to discover a number of statistically deviated flows from the plurality of flows connected to the flow based on a time value and a location value related to each statistically deviated flow and determine whether the given flow is an anomaly; and
an output component to output an indication of the anomaly.
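The claimed steps can be illustrated with a short sketch. This is an added example, not code from the patent or its assignee. It assumes a z-score over per-flow byte counts as the statistical model, "connected" meaning a shared node within a time window, and strength as the summed z-scores; all names, thresholds and sample data are constructed.

```python
from collections import Counter
from statistics import mean, pstdev

Z_THRESHOLD = 3.0    # assumed cut-off for "statistically deviated"
MIN_CONNECTED = 2    # assumed number of connected deviated flows needed
TIME_WINDOW = 1      # assumed: flows within one time slot count as related

HISTORY = [100, 104, 96, 100, 100]  # constructed per-flow baseline (bytes per slot)
BASELINE = {pair: HISTORY for pair in [
    ("web1", "app1"), ("web1", "cdn1"), ("app1", "db1"),
    ("app2", "db1"), ("db1", "backup1"), ("db1", "cache1")]}

# Constructed observations: (source point, end point, time slot, bytes)
OBSERVED = [
    ("web1", "app1", 10, 101),     # normal
    ("web1", "cdn1", 10, 400),     # deviated, but no deviated neighbour
    ("app1", "db1", 10, 400),      # deviated cluster around db1
    ("app2", "db1", 10, 390),
    ("db1", "backup1", 11, 420),
    ("db1", "cache1", 50, 400),    # deviated, shares db1 but far away in time
]

def deviation(flow):
    """Z-score of the observed volume against the flow's own baseline."""
    src, dst, _, value = flow
    hist = BASELINE[(src, dst)]
    return abs(value - mean(hist)) / (pstdev(hist) or 1.0)

def connected(a, b):
    """Context test: the flows share a node (location) and are close in time."""
    return a != b and bool({a[0], a[1]} & {b[0], b[1]}) and abs(a[2] - b[2]) <= TIME_WINDOW

def detect(flows):
    deviated = [f for f in flows if deviation(f) >= Z_THRESHOLD]
    findings = []
    for f in deviated:
        near = [g for g in deviated if connected(f, g)]
        if len(near) < MIN_CONNECTED:
            continue  # a lone outlier is not reported as an anomaly
        nodes = Counter(n for g in [f, *near] for n in g[:2])
        findings.append({
            "flow": f[:2], "time": f[2], "connected": len(near),
            "strength": round(sum(deviation(g) for g in [f, *near]), 1),
            "location": nodes.most_common(1)[0][0],
        })
    return findings

if __name__ == "__main__":
    for finding in detect(OBSERVED):
        print(finding)
```

With this sample data the three flows around db1 are reported, while the isolated web1 to cdn1 spike and the late db1 to cache1 spike are statistically deviated but not reported.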
Specification