Anomaly detection supporting new application deployments
First Claim
Patent Images
1. A method, comprising:
- maintaining, by a device in a network, information regarding anomaly detection models used in the network and applications associated with traffic analyzed by the anomaly detection models wherein the device acts as a supervisory and control agent (SCA) device;
receiving, at the device, an indication of a planned application deployment in the network; and
adjusting, by the device, an anomaly detection strategy of a particular anomaly detector of a distributed learning agent (DLA) device in the network prior to deployment of the planned application, wherein the information regarding anomaly detection models used in the network and the applications associated with the traffic analyzed by the anomaly detection models is used by the device to adjust the anomaly detection strategy.
1 Assignment
0 Petitions
Accused Products
Abstract
In one embodiment, a device in a network maintains information regarding anomaly detection models used in the network and applications associated with traffic analyzed by the anomaly detection models. The device receives an indication of a planned application deployment in the network. The device adjusts an anomaly detection strategy of a particular anomaly detector in the network based on the planned application deployment and on the information regarding anomaly detection models used in the network and the applications associated with the traffic analyzed by the anomaly detection models.
-
Citations
20 Claims
-
1. A method, comprising:
-
maintaining, by a device in a network, information regarding anomaly detection models used in the network and applications associated with traffic analyzed by the anomaly detection models wherein the device acts as a supervisory and control agent (SCA) device; receiving, at the device, an indication of a planned application deployment in the network; and adjusting, by the device, an anomaly detection strategy of a particular anomaly detector of a distributed learning agent (DLA) device in the network prior to deployment of the planned application, wherein the information regarding anomaly detection models used in the network and the applications associated with the traffic analyzed by the anomaly detection models is used by the device to adjust the anomaly detection strategy. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method, comprising:
-
providing, by an anomaly detector of a distributed learning agent (DLA) device in a network, information regarding one or more anomaly detection models executed by the DLA device and the applications associated with the traffic analyzed by the one or more anomaly detection models; receiving, at the DLA device from a supervisory and control agent (SCA) device, an indication of a new application to be deployed in the network and an adjusted anomaly detection model, wherein the adjusted anomaly detection model is adjusted by the SCA device based on other anomaly detection models used in the network and applications associated with traffic analyzed by the other anomaly detection models; and prior to deployment of the planned application, adjusting, by the DLA device, an anomaly detection strategy of the anomaly detector based on the adjusted anomaly detection model. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. An apparatus, comprising:
-
one or more network interfaces to communicate with a network; a processor coupled to the network interfaces and adapted to execute one or more processes to act as a supervisory and control agent (SCA) device for a plurality of distributed learning agent (DLA) devices in the network; and a memory configured to store a process executable by the processor, the process when executed configured to; maintain information regarding anomaly detection models used in the network and applications associated with the traffic analyzed by the anomaly detection models; receive an indication of a planned application deployment in the network; and adjust an anomaly detection strategy of a particular anomaly detector at a DLA device of the plurality of DLA devices in the network prior to deployment of the planned application, wherein the information regarding anomaly detection models used in the network and the applications associated with the traffic analyzed by the anomaly detection models is used by the DLA device to adjust the anomaly detection strategy. - View Dependent Claims (14, 15, 16)
-
-
17. An apparatus, comprising:
-
one or more network interfaces to communicate with a network; a processor coupled to the network interfaces and adapted to execute one or more processes to act as a distributed learning agent (DLA) device in the network; and a memory configured to store a process executable by the processor, the process when executed configured to; provide, to a supervisory and control agent (SCA) device, information regarding one or more anomaly detection models executed by the apparatus and applications associated with the traffic analyzed by one or more anomaly detection models of the apparatus; receive, from the SCA device, an indication of a new application to be deployed in the network and an adjusted anomaly detection model, wherein the adjusted anomaly detection model is adjusted by the SCA device based on other anomaly detection models used in the network and applications associated with traffic analyzed by the other anomaly detection models; and prior to deployment of the planned application, adjust an anomaly detection strategy of the anomaly detector based on the adjusted anomaly detection model. - View Dependent Claims (18, 19, 20)
-
Specification