-
Publication number: US20240283806A1
Publication date: 2024-08-22
Application number: US18581779
Application date: 2024-02-20
Inventor: Michael GIBSON, Alexander HEALING, Aditya MANOCHA
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/1441
Abstract: A computer-implemented method of training a network anomaly detection system is disclosed. The method involves generating synthetic benign network data and synthetic anomalous network data and combining the synthetic benign network data and synthetic anomalous network data to generate combined synthetic network data having a predetermined density of anomalous network data. The combined synthetic network data is provided to a trained anomaly detection model, and an accuracy score is determined that is representative of how accurately the trained anomaly detection model recognizes anomalous activity in the combined synthetic network data. If the accuracy score is less than a threshold value, the anomaly detection model is trained with additional network data and a new accuracy score is determined. Otherwise, the predetermined density of anomalous network data is reduced and a new accuracy score is determined until a predetermined stopping criterion is met.
-
Publication number: US20200220892A1
Publication date: 2020-07-09
Application number: US16738614
Application date: 2020-01-09
Inventor: Michael GIBSON
IPC: H04L29/06, H04L12/733, H04L12/801, G06F16/901
Abstract: A computer implemented method of identifying anomalous behavior of a computer system in a set of intercommunicating computer systems, each computer system in the set being uniquely identifiable, the method including monitoring communication between computer systems in the set for a predetermined baseline time period to generate a baseline vector representation of each of the systems; monitoring communication between computer systems in the set for a subsequent predetermined time period to generate a subsequent vector representation of each of the systems; comparing baseline and subsequent vector representations corresponding to a target computer system using a vector similarity function to identify anomalous behavior of the target system in the subsequent time period compared to the baseline time period, wherein a vector representation of the target system for a time period is generated based on a deterministic walk of a graph representation of communications between the computer systems in which nodes of the graph correspond to computer systems in the set and weighted directed edges between nodes of the graph correspond to a characteristic of communication between pairs of computer systems in the set.
-