이 애플리케이션의 일부 콘텐츠는 현재 사용할 수 없습니다.
이 상황이 계속되면 다음 주소로 문의하십시오피드백 및 연락
1. (WO2018224670) ANOMALY DETECTION IN COMPUTER NETWORKS
유의사항: 이 문서는 자동 광학문자판독장치(OCR)로 처리된 텍스트입니다. 법률상의 용도로 사용하고자 하는 경우 PDF 버전을 사용하십시오

CLAIMS

1 . A method of anomaly detection for network traffic communicated by devices via a computer network, the method comprising:

clustering a set of time series, each time series including a plurality of time windows of data corresponding to network communication characteristics for a device;

training an autoencoder for each cluster based on time series in the cluster;

generating a set of reconstruction errors for each autoencoder based on testing the autoencoder with data from time windows of at least a subset of the time series;

generating a probabilistic model of reconstruction errors for each autoencoder; and generating an aggregation of the probabilistic models for, in use, detecting reconstruction errors for a time series of data corresponding to network communication characteristics for a device as anomalous.

2. The method of claim 1 wherein the clusters are defined based on an autoencoder for converting each time series to a vector of features for the time series and a clustering algorithm clusters the vectors.

3. The method of any preceding claim wherein the set of reconstruction errors for an autoencoder are generated based on the autoencoder processing each time series in a corresponding cluster of time series.

4. The method of claim 1 wherein the clustering are defined based on a random subdivision of the set of time series.

5. The method of claim 4 wherein the set of reconstruction errors for an autoencoder are generated based on the autoencoder processing each of the time series.

6. The method of any preceding claim wherein each probabilistic model is a Gaussian model of reconstruction errors for an autoencoder.

7. The method of claim 6 wherein the aggregation of the probabilistic models is a Gaussian mixture model.

8. The method of any of claims 1 to 5 wherein the aggregation of the probabilistic models is a hidden Markov model.

9. A computer system including a processor and memory storing computer program code for performing the steps of any preceding claim.

10. A computer program element comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer to perform the steps of a method as claimed in any of claims 1 to 8.