Anomaly detection in a network coupling state information with machine learning outputs

  • US 10,063,575 B2
  • Filed: 10/08/2015
  • Issued: 08/28/2018
  • Est. Priority Date: 10/08/2015
  • Status: Active Grant
First Claim

1. A method, comprising:

    receiving, at a device in a network, an output of an anomaly detection model produced by a machine learning algorithm, wherein the anomaly detection model detects anomalies in network traffic behavior;

    retrieving, by the device, state information surrounding the output of the anomaly detection model, wherein the state information is information about the network retrieved from one or more devices in the network;

    correlating, by the device, the retrieved state information with the output of the anomaly detection model produced by the machine learning algorithm;

    based on the correlation, determining, by the device, whether the state information supports the output of the anomaly detection model to assess a performance of the anomaly detection model output, wherein the state information comprises information that was not used as input to the anomaly detection model;

    detecting, by the device, a false positive in the anomaly detection model output based on the retrieved state information not supporting the anomaly detection output; and

    dynamically retraining the anomaly detection model, by the device, to adjust the anomaly detection model produced by the machine learning algorithm when the false positive is detected.
