公开(公告)号：US20230125203A1

公开(公告)日：2023-04-27

申请号：US17915458

申请日：2021-03-12

Applicant: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY

Inventor： Ahmed SAEED ,  Giulio GIACONI

IPC: H04L9/40

Abstract: A computer implemented method for detecting anomalies in a computer network is provided together with a network monitoring system and computer programs for carrying out the method. The method obtains a model representing normal characteristics of network traffic associated with a set of devices within the computer network. The method analyses network traffic using the model to identify anomalous network traffic associated with the set of devices. The method clusters the anomalous network traffic into clusters of network traffic that share similar characteristics. The method provides an indication that either (i) the network traffic associated with a cluster relates to a new type of anomaly involving the set of devices or (ii) that no new types of anomaly are present.