Abstract
A method and apparatus for anomaly detection in a network management system is described. The method may comprise: collecting metric data from a plurality of managed network devices; determining metric types for the collected metric data using metric type reference data; determining and applying properties from the metric type reference data to collected metrics of the determined metric types; and monitoring subsequent collected metric data for anomalies that do not conform to the applied properties. The method is particularly aimed at avoiding the manual configuration of multiple threshold definitions for large, complex networks: the system learns for itself the expected characteristics (e.g. reference levels/baseline) of the multiple types of metrics that are collected for the network. The multiple types of metrics may include percentage-type values (402), availability-type values (404), response-time-type values (406), counter-type values (408) and other/general types (410). Because the system described is data agnostic, various metrics may be monitored. Monitored metrics could include, for example, CPU/processor/memory usage, availability and response times.
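The steps in the abstract, sketched as an added example that is not taken from the patent: metric types are determined from reference data, the type's properties are applied, and later samples are checked against those properties and a learned baseline. The name patterns, the property set, the mean/standard-deviation baseline and the factor `k` are all assumptions made for illustration.

```python
import re
from statistics import mean, pstdev

# ASSUMED metric type reference data: (name pattern, type, properties).
# The five types come from the abstract; patterns and properties are illustrative.
REFERENCE = [
    (r"(cpu|mem|disk).*(pct|util)", "percentage", {"min": 0.0, "max": 100.0}),
    (r"(avail|up)$", "availability", {"min": 0.0, "max": 1.0}),
    (r"(rtt|latency|resp).*ms", "response_time", {"min": 0.0}),
    (r"(octets|packets|errors)$", "counter", {"min": 0.0, "monotonic": True}),
]

def metric_type(name):
    """Determine the metric type and its properties from the reference data."""
    for pattern, mtype, props in REFERENCE:
        if re.search(pattern, name):
            return mtype, props
    return "general", {}  # other/general: no fixed properties, baseline only

class Monitor:
    """Learns a baseline from training samples, then checks new samples."""
    def __init__(self, name, training, k=3.0):
        self.type, self.props = metric_type(name)
        series = self._rates(training) if self.props.get("monotonic") else training
        self.mu, self.sigma, self.k = mean(series), pstdev(series), k
        self.last = training[-1]

    @staticmethod
    def _rates(values):
        # Counters are baselined on per-interval increase, not the raw value.
        return [b - a for a, b in zip(values, values[1:])]

    def check(self, value):
        """Return the reasons this sample is anomalous (empty list if none)."""
        reasons = []
        lo = self.props.get("min", float("-inf"))
        hi = self.props.get("max", float("inf"))
        if not lo <= value <= hi:
            reasons.append(f"outside {self.type} range")
        observed = value
        if self.props.get("monotonic"):
            if value < self.last:
                reasons.append("counter decreased")
            observed = value - self.last
        if abs(observed - self.mu) > self.k * max(self.sigma, 1e-9):
            reasons.append("deviates from learned baseline")
        self.last = value
        return reasons

# Constructed samples: no per-device threshold is configured for either metric.
cpu = Monitor("cpu_util_pct", [20, 22, 19, 21, 23, 20])
octets = Monitor("if_in_octets", [1000, 1100, 1205, 1300, 1402])
```

A counter reset (for example after a device reboot) is reported as both a decrease and a baseline deviation, so an operator can tell it apart from a traffic spike.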