ANOMALY DETECTION AND IDENTIFICATION USING TRAFFIC STEERING AND REAL-TIME ANALYTICS
Abstract
A system, associated with a service provider network, is configured to monitor traffic, that is traveling to or from the service provider network, to obtain traffic metrics that correspond to a collection of network layers, where the network layers; process the traffic metrics with respect to each of the network layers to identify an anomaly, associated with the traffic, that corresponds to at least one of the network layers; send a request for packets associated with the traffic based on the identification of the anomaly; receive copies of the packets associated with the traffic; analyze the copies of the packets to obtain information associated with the anomaly; and send a notification that indicates that the anomaly has been identified, where the notification includes the traffic metrics associated with the traffic or the information associated with the anomaly.
25 Claims
1. A method, performed by an analytics and reporting (AR) server, associated with a service provider network, comprising:
- monitoring, by the AR server, a plurality of packets associated with traffic that is traveling to or from the service provider network;
- obtaining, by the AR server, traffic metrics associated with the plurality of packets, based on the monitoring of the traffic, where the traffic metrics are obtained with respect to one or more network layers;
- detecting, by the AR server, an anomaly associated with the plurality of packets, based on traffic metrics associated with at least one network layer of the one or more network layers;
- obtaining, by the AR server and from another server associated with the service provider network, copies of one or more packets, of the plurality of packets, based on the detection of the anomaly;
- analyzing, by the content distribution system, each packet, of the copies of the one or more packets, to obtain information associated with the anomaly; and
- sending, by the content distribution system and to a server device associated with the service provider network, a notification that indicates that the anomaly has been detected, where the notification includes at least one of:
  - the traffic metrics associated with the plurality of packets,
  - the copies of the one or more packets, or
  - information associated with the anomaly.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A computing device associated with a service provider network, the computing device comprising:
- one or more processors to:
  - monitor traffic, that is traveling to or from the service provider network, to obtain traffic metrics, associated with the traffic, that corresponds to one or more network layers, where the one or more network layers include at least one of a physical layer, a network layer, a transport layer, a session layer, a presentation layer, or an application layer,
  - process the traffic metrics with respect to each of the one or more network layers to identify an anomaly, associated with the traffic, that corresponds to at least one network layer of the one or more network layers,
  - send, to a steering server, a request for packets associated with the traffic based on the identification of the anomaly,
  - receive, from the steering server, copies of the packets associated with the traffic,
  - analyze the copy of the packets to obtain information associated with the anomaly, and
  - send, to a server device, a notification that indicates that the anomaly has been identified, where the notification includes the traffic metrics associated with the traffic or the information associated with the anomaly.

View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
21. A server device, associated with a service provider network, comprising:
- a memory to store information associated with one or more anomalies detected within the service provider network; and
- a processor to:
  - monitor traffic received from or destined for a user device associated with the service provider network,
  - obtain, from the traffic and based on monitoring the traffic, information associated with the traffic that corresponds to one or more network layers associated with the service provider network,
  - determine that an anomaly is associated with the traffic based on the information associated with the traffic and one or more thresholds that corresponds to the one or more network layers,
  - generate copies of packets associated with the traffic based on the determination that the anomaly is associated with the traffic,
  - analyze the copies of the packets to obtain information associated with the anomaly,
  - retrieve, from the memory, the information associated with the one or more anomalies,
  - send, to a network management server associated with the service provider network, a notification that indicates that the anomaly has been detected, where the notification includes at least one of:
    - the information associated with the traffic,
    - the information associated with the anomaly, and
    - the information associated with the one or more anomalies.

View Dependent Claims (22, 23, 24, 25)
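The sequence recited in claim 21 (per-layer metrics, per-layer thresholds, packet copies, analysis, notification with stored anomalies) can be sketched as follows. This is an added example, not code from the patent or its assignee; the metric names, threshold values, packet fields and function names are all assumptions, and the in-process copy stands in for copies generated by a steering function.

```python
from collections import Counter

# Assumed per-layer thresholds; the claims name no specific metrics or values.
THRESHOLDS = {
    "network": {"pkts_per_sec": 5000},
    "transport": {"syn_ratio": 0.6},
    "application": {"http_error_ratio": 0.3},
}

# Constructed sample: a 1-second window with 90 SYNs from one source and 10 normal packets.
SAMPLE = ([{"src": "198.51.100.7", "dport": 443, "proto": "tcp", "flags": "S"}] * 90 +
          [{"src": "203.0.113.5", "dport": 443, "proto": "tcp", "flags": "A",
            "http_status": 200}] * 10)

def layer_metrics(packets, window_sec):
    """Derive traffic metrics for each network layer from parsed packet records."""
    tcp = [p for p in packets if p["proto"] == "tcp"]
    http = [p for p in packets if p.get("http_status") is not None]
    return {
        "network": {"pkts_per_sec": len(packets) / window_sec},
        "transport": {"syn_ratio": sum(p["flags"] == "S" for p in tcp) / max(len(tcp), 1)},
        "application": {"http_error_ratio":
                        sum(p["http_status"] >= 400 for p in http) / max(len(http), 1)},
    }

def detect(metrics):
    """Return (layer, metric, value) for every metric above its layer's threshold."""
    return [(layer, name, value)
            for layer, values in metrics.items()
            for name, value in values.items()
            if value > THRESHOLDS[layer][name]]

def analyze_copies(copies):
    """Summarise the copied packets: dominant sources and destination ports."""
    return {"top_sources": Counter(p["src"] for p in copies).most_common(3),
            "top_dst_ports": Counter(p["dport"] for p in copies).most_common(3)}

def process_window(packets, window_sec, anomaly_store):
    """Run one monitoring window; return a notification dict, or None if no anomaly."""
    metrics = layer_metrics(packets, window_sec)
    exceeded = detect(metrics)
    if not exceeded:
        return None
    copies = [dict(p) for p in packets]  # copies are made only after detection
    notification = {"traffic_metrics": metrics,
                    "anomaly": {"exceeded": exceeded, **analyze_copies(copies)},
                    "prior_anomalies": list(anomaly_store)}  # retrieved from memory
    anomaly_store.append(exceeded)
    return notification
```

Packet copies are requested only after a threshold trips, so full-packet analysis cost is paid for anomalous windows rather than for all traffic.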
Specification