CLASSIFICATION OF DETECTED NETWORK ANOMALIES USING ADDITIONAL DATA

US 20160254944A1
Filed: 10/18/2013
Published: 09/01/2016
Est. Priority Date: 10/18/2013
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing network anomalies in a communication network, the method comprising:

receiving an indication of a network anomaly which was detected by monitoring the communication network;

on the basis of data representing the detected network anomaly and on the basis of additional data, performing classification of the detected network anomaly; and

depending on the classification of the detected network anomaly, providing a report of the detected network anomaly.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network anomaly detector detects a network anomaly by monitoring a communication network and provides an indication of the detected network anomaly to a network anomaly analyzer. The network anomaly analyzer receives the indication of the detected network anomaly and, on the basis of data representing the detected network anomaly and additional data, e.g., from outside the communication network, performs classification of the detected network anomaly. Depending on the classification of the detected network anomaly, the network anomaly analyzer provides a report of the detected network anomaly to another node. If for example the detected network anomaly is classified as expected behavior, reporting of the detected network anomaly may be suppressed.

Citations

34 Claims

1. A method for analyzing network anomalies in a communication network, the method comprising:
- receiving an indication of a network anomaly which was detected by monitoring the communication network;
  
  on the basis of data representing the detected network anomaly and on the basis of additional data, performing classification of the detected network anomaly; and
  
  depending on the classification of the detected network anomaly, providing a report of the detected network anomaly.
- View Dependent Claims (2, 3, 5, 6, 7, 9, 11, 12, 13, 14, 34)
- - 2. The method according to claim 1,wherein the additional data comprise information from outside the communication network.
  - 3. The method according to claim 2,wherein the information from outside the communication network comprise at least one ofinformation on events in a service area of the communication network;
    - andinformation on weather in a service area of the communication network.
  - 5. The method according to claim 1,wherein the additional data comprise information on one or more previously detected network anomalies.
  - 6. The method according to claim 5,wherein said classification of the detected network anomaly is based on pattern matching with respect to anomaly information obtained from the information on one or more previously detected network anomalies.
  - 7. The method according to any one of the preceding claims claim 1,wherein the data representing the detected network anomaly comprise at least one ofa timing of the detected network anomaly;
    - anda location of the detected network anomaly.
  - 9. The method according to claim 1,wherein said classification of the detected network anomaly is based on at least one oftime-domain correlation of the data representing the detected network anomaly with the additional data;
    - andlocation-domain correlation of the data representing the detected network anomaly with the additional data.
  - 11. The method according to claim 1,wherein the classification of the detected network anomaly distinguishes between expected behavior and unexpected behavior.
  - 12. The method according to claim 1, comprising:
    - in response to classification of the detected network anomaly as expected behavior, suppressing reporting of the detected network anomaly.
  - 13. The method according to claim 1,wherein the report indicates a result of the classification.
  - 14. The method according to claim 1, further comprising:
    - depending on the classification, providing feedback to a network anomaly detector used for detecting the network anomaly.
  - 34. A computer program product comprising a non-transitory computer readable storage medium storing program code to be executed by at least one processor of a device for analyzing detected network anomalies, wherein execution of the program code causes the at least one processor to perform steps of the method according to claim 1.

4. (canceled)

8. (canceled)

10. (canceled)

15. A device for analyzing network anomalies in a communication network, the device comprising at least one processor,wherein the at least one processor is configured to:
- receive an indication of a network anomaly which was detected by monitoring the communication network;
  
  on the basis of data representing the detected network anomaly and on the basis of additional data, perform classification of the detected network anomaly; and
  
  depending on the classification of the detected network anomaly, provide a report of the detected network anomaly.
- View Dependent Claims (18, 19, 21, 22, 23, 25, 27, 28, 29, 30)
- - 18. The device according to claim 15,wherein the additional data comprise information from outside the communication network.
  - 19. The device according to claim 18,wherein the information from outside the communication network comprise at least one ofinformation on events in a service area of the communication network;
    - andinformation on weather in a service area of the communication network.
  - 21. The device according to claim 15,wherein the additional data comprise information on one or more previously detected network anomalies.
  - 22. The device according to claim 21,wherein said classification of the detected network anomaly is based on pattern matching with respect to anomaly information obtained from the information on one or more previously detected network anomalies.
  - 23. The device according to claim 15,wherein the data representing the detected network anomaly comprise at least one ofa timing of the detected network anomaly;
    - anda location of the detected network anomaly.
  - 25. The device according to claim 15,wherein said classification of the detected network anomaly is based on at least one oftime-domain correlation of the data representing the detected network anomaly with the additional data;
    - andlocation-domain correlation of the data representing the detected network anomaly with the additional data.
  - 27. The device according to claim 15,wherein the classification of the detected network anomaly distinguishes between expected behavior and unexpected behavior.
  - 28. The device according to claim 15,wherein the at least one processor is configured to suppress reporting of the detected network anomaly in response to classification of the detected network anomaly as expected behavior.
  - 29. The device according to claim 15,wherein the report indicates a result of the classification.
  - 30. The device according to claim 15,wherein the at least one processor is configured to provide, depending on the classification, feedback to a network anomaly detector used for detecting the network anomaly.

16-17. -17. (canceled)

20. (canceled)

24. (canceled)

26. (canceled)

31. (canceled)

32. A system for analyzing network anomalies in a communication network, the system comprising:
- a network anomaly detector; and
  
  a network anomaly analyzer,wherein the network anomaly detector is configured to detect a network anomaly by monitoring the communication network and provide an indication of the detected network anomaly to the network anomaly analyzer, andwherein the network anomaly analyzer is configured to;
  
  receive the indication of the detected network anomaly,on the basis of data representing the detected network anomaly and additional data, perform classification of the detected network anomaly, anddepending on the classification of the detected network anomaly, provide a report of the detected network anomaly.

33. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
SEYVET, Nicolas, LARSSON, Tony, KVERNVIK, Tor, MORITZ, Simon

Granted Patent

US 10,404,525 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0604   using filtering, e.g. reduc...

H04L 41/0613   based on the type or catego...

H04L 41/0618   based on the physical or lo...

H04L 41/064   involving time analysis

H04L 41/065   involving logical or physic...

H04L 41/14   Network analysis or design

H04L 41/142   using statistical or mathem...

H04L 43/067   using time frame reporting

H04L 63/1425   Traffic logging, e.g. anoma...

H04W 24/04   Arrangements for maintainin...

CLASSIFICATION OF DETECTED NETWORK ANOMALIES USING ADDITIONAL DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

CLASSIFICATION OF DETECTED NETWORK ANOMALIES USING ADDITIONAL DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links