Title of invention: Anomaly detection for packet-based networks
Abstract: Disclosed herein is an anomaly detection method for a packet-based network which includes several network resources, also called network-related software objects. The method includes monitoring the network resources of the packet-based network, ordering the monitored network resources according to a given ordering criterion, and detecting an anomaly in the packet-based network based on the ordered network resources. In particular, detecting an anomaly includes forming a detection feature vector based on the ordered network resources, and feeding the detection feature vector to a machine learning system configured to detect an anomaly in the packet-based network based on the detection feature vector. The detection feature vector includes detection feature items related to corresponding monitored network resources, and arranged in the detection feature vector depending on the ordering of the corresponding monitored network resources. Conveniently, the machine learning system is a one-class classifier, preferably a one-class Support Vector Machine (OC-SVM).
Publication number: US9094444(B2) Publication date: 2015.07.28
Application number: US200813143062 Application date: 2008.12.31
Applicant: Telecom Italia S.p.A. Inventors: Baltatu Madalina; Abeni Paolo
Classification: H04L12/26; H04L29/06 Main classification: H04L12/26
Agency: Banner & Witcoff, Ltd. Agent: Banner & Witcoff, Ltd.
Main claim: 1. An anomaly detection method for a packet-based network, the packet-based network comprising several network resources, the method comprising: forming training feature vectors based on network resources monitored and ordered during a training period; obtaining, based on the training feature vectors, a first vector of a first network resource category comprising a sequence of network resources belonging to the first network resource category; monitoring the network resources of the packet-based network, wherein the monitored network resources belong to two or more network resource categories; forming two or more sequences of network resources comprising a first sequence of network resources belonging to a first network resource category and a second sequence of network resources belonging to a second network resource category, wherein network resources in each sequence are ordered based on a respective amount of data traffic generated or received by each monitored network resource; forming a detection feature vector for the first network resource category based on the sequence of network resources belonging to the first network resource category; determining at least one difference in position of at least one network resource between a position of the at least one network resource in the first vector and a position of the at least one network resource in the detection vector; and detecting an anomaly in the packet-based network based on the at least one difference in position of the at least one network resource.
Address: Milan IT
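
The position-difference check described in claim 1, as an added example that is not taken from the patent: resources in each category are ranked by traffic, a baseline order is derived from training windows, and a detection window is flagged when a resource moves more than `max_shift` places. The rank aggregation, the `max_shift` threshold, the treatment of resources unseen in training, and all function names and sample data are assumptions; a plain threshold stands in for the OC-SVM classifier mentioned in the abstract.

```python
def rank_by_traffic(traffic):
    """Order one category's resources by traffic volume, busiest first."""
    return [r for r, _ in sorted(traffic.items(), key=lambda kv: (-kv[1], str(kv[0])))]

def baseline_order(training_windows):
    """Derive the 'first vector': resources ordered by summed rank over training windows."""
    orders = [rank_by_traffic(w) for w in training_windows]
    seen = {r for o in orders for r in o}
    # Assumption: a resource absent from a window is placed at the bottom of that window.
    score = {r: sum(o.index(r) if r in o else len(o) for o in orders) for r in seen}
    return sorted(seen, key=lambda r: (score[r], str(r)))

def position_shifts(baseline, detection):
    """Absolute change in position per resource; unseen ones count from the end of the baseline."""
    base_pos = {r: i for i, r in enumerate(baseline)}
    return {r: abs(base_pos.get(r, len(baseline)) - i) for i, r in enumerate(detection)}

def detect(baselines, window, max_shift=2):
    """Return {category: {resource: shift}} for shifts above max_shift (assumed threshold)."""
    alerts = {}
    for category, traffic in window.items():
        shifts = position_shifts(baselines[category], rank_by_traffic(traffic))
        flagged = {r: s for r, s in shifts.items() if s > max_shift}
        if flagged:
            alerts[category] = flagged
    return alerts

# Constructed sample data: bytes per resource in each monitoring window, two categories.
TRAINING = {
    "tcp_dst_port": [
        {80: 9000, 443: 7000, 25: 3000, 22: 900, 53: 400},
        {80: 8500, 443: 7900, 25: 2500, 22: 1100, 53: 300},
    ],
    "src_host": [
        {"10.0.0.5": 5000, "10.0.0.7": 4000, "10.0.0.9": 200},
        {"10.0.0.5": 5200, "10.0.0.7": 3500, "10.0.0.9": 350},
    ],
}
BASELINES = {c: baseline_order(w) for c, w in TRAINING.items()}

NORMAL = {"tcp_dst_port": {80: 8800, 443: 9100, 25: 2000, 22: 800, 53: 500},
          "src_host": {"10.0.0.5": 4800, "10.0.0.7": 4100, "10.0.0.9": 300}}
# Port 53 jumps from last place to first; port 4444 never appeared in training.
SUSPECT = {"tcp_dst_port": {80: 8800, 443: 7000, 25: 2000, 22: 800, 53: 60000, 4444: 20000},
           "src_host": {"10.0.0.5": 4800, "10.0.0.7": 4100, "10.0.0.9": 300}}

if __name__ == "__main__":
    print(detect(BASELINES, NORMAL))
    print(detect(BASELINES, SUSPECT))
```

Ports 80 and 443 swapping places in the normal window stays under the threshold, which is the point of comparing positions rather than raw byte counts.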