NETWORK STATE INFORMATION CORRELATION TO DETECT ANOMALOUS CONDITIONS
First Claim
Patent Images
1. A device comprising processing logic to:
- receive state information, from a plurality of network devices, the state information corresponding to data relating to an operational state of the plurality of network devices;
generate a plurality of time-series signals corresponding to the received state information;
identify a reference time-series signal from the plurality of time-series signals;
calculate a plurality of correlation values, each of the plurality of plurality of correlation values corresponding to a correlation between the reference time-series signal and one of the plurality of time-series signals; and
output the plurality of correlation values.
1 Assignment
0 Petitions
Accused Products
Abstract
State information relating to the operation of network devices is used to identify network issues and/or anomalies relating to the operation of the network. The state information from the network devices may include time-series signals from a number of the network devices. Correlation values may be obtained between pairs of time-series signals. Pairs of time-series signals that have a relatively high correlation value may be determined to be related to one another. In one implementation, mitigation of the network issues/anomalies may be automatically performed based on calculated correlation values.
38 Citations
20 Claims
-
1. A device comprising processing logic to:
-
receive state information, from a plurality of network devices, the state information corresponding to data relating to an operational state of the plurality of network devices; generate a plurality of time-series signals corresponding to the received state information; identify a reference time-series signal from the plurality of time-series signals; calculate a plurality of correlation values, each of the plurality of plurality of correlation values corresponding to a correlation between the reference time-series signal and one of the plurality of time-series signals; and output the plurality of correlation values. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method, implemented by one or more computing devices, comprising:
-
receiving, by the one or more computing devices, state information, from a plurality of network devices, the state information corresponding to data relating to an operational state of the plurality of network devices; generating, by the one or more computing devices, a plurality of time-series signals corresponding to the received state information; identifying, by the one or more computing devices, a reference time-series signal from the plurality of time-series signals; calculating, by the one or more computing devices, a plurality of correlation values, each corresponding to a correlation between the reference time-series signal and one of the plurality of time-series signals; and outputting, by the one or more computing devices, the correlation values. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A system comprising:
-
a database to store traffic throughput measurements received from network interfaces of routers in a network, the traffic throughput measurements representing a plurality of time-series signals; an anomaly detection component to calculate correlation values between the plurality of time-series signals; and an anomaly mitigation component to; detect an occurrence of a Distributed Denial of Service (DDoS) attack in the network; identify, based on the calculated correlation values, two or more of the network interfaces, of the routers in the network, that are being effected by the DDoS attack; and adjust parameters, corresponding to the identified network interfaces, to mitigate the effects of the DDoS attack. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification