Abstract |
<p>Systems and methods are disclosed for analyzing network traffic data to detect anomalies in the data and determine their causes. In one implementation, a system includes a processor and a memory. The memory stores instructions that cause the processor to generate a time series of network traffic values (710). The processor calculates deviation scores for time entries within the time series (720) and detects anomalies in the time series by comparing each deviation score to a predetermined range (730). If the processor detects an anomaly, it may determine a list of IP addresses of computers on the network that may have caused the anomaly (750). The anomaly can be caused by a (distributed) denial-of-service (DoS) attack, e.g. against a DNS server or a router.</p> |
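The four steps in the abstract (710, 720, 730, 750) can be sketched as a small detection pipeline. This is an added example, not code from the patent. It assumes 60-second buckets, a median/MAD robust z-score as the deviation score, a range of ±3.5, and ranking of source IPs by bytes sent in the anomalous bucket; all function names and the sample records are constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

def build_series(records, bucket=60):
    """Step 710: total bytes per time bucket, plus per-source totals per bucket."""
    series, by_src = defaultdict(int), defaultdict(Counter)
    for ts, src, nbytes in records:
        b = ts - ts % bucket
        series[b] += nbytes
        by_src[b][src] += nbytes
    for b in range(min(series), max(series) + bucket, bucket):
        series.setdefault(b, 0)          # silent buckets count as zero traffic
    return dict(series), by_src

def deviation_scores(series):
    """Step 720: robust z-score per bucket (median/MAD is an assumption here)."""
    vals = list(series.values())
    med = median(vals)
    mad = median(abs(v - med) for v in vals) or 1.0   # avoid division by zero
    return {t: 0.6745 * (v - med) / mad for t, v in series.items()}

def detect(records, bucket=60, lo=-3.5, hi=3.5, top_n=3):
    """Steps 730 and 750: flag out-of-range buckets and rank contributing sources."""
    series, by_src = build_series(records, bucket)
    findings = []
    for t, score in sorted(deviation_scores(series).items()):
        if not lo <= score <= hi:
            suspects = [ip for ip, _ in by_src[t].most_common(top_n)]
            findings.append((t, round(score, 1), suspects))
    return findings

def sample_records():
    """Constructed (timestamp, source IP, bytes) records: ten minutes of DNS traffic."""
    recs = []
    for minute in range(10):
        t0 = minute * 60
        for i, host in enumerate(("192.0.2.10", "192.0.2.11", "192.0.2.12")):
            recs.append((t0 + i, host, 1000 + 10 * ((minute + i) % 4)))
        if minute == 6:                  # constructed flood in the seventh minute
            recs.append((t0 + 5, "198.51.100.7", 90000))
            recs.append((t0 + 6, "198.51.100.9", 60000))
    return recs

if __name__ == "__main__":
    for t, score, suspects in detect(sample_records(), top_n=2):
        print(f"t={t}s score={score} suspects={suspects}")
```

Median and MAD are used instead of mean and standard deviation so that the flood bucket itself does not inflate the baseline it is compared against.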