-
Publication No.: US20200210782A1
Publication date: 2020-07-02
Application No.: US16619745
Application date: 2018-06-08
Inventor: Maximilien SERVAJEAN, Yipeng CHENG
Abstract: A method of anomaly detection for network traffic communicated by devices via a computer network, the method including clustering a set of time series, each time series including a plurality of time windows of data corresponding to network communication characteristics for a device; training an autoencoder for each cluster based on time series in the cluster; generating a set of reconstruction errors for each autoencoder based on testing the autoencoder with data from time windows of at least a subset of the time series; generating a probabilistic model of reconstruction errors for each autoencoder; and generating an aggregation of the probabilistic models for, in use, detecting reconstruction errors for a time series of data corresponding to network communication characteristics for a device as anomalous.
-
Publication No.: US20220407884A1
Publication date: 2022-12-22
Application No.: US17756033
Application date: 2020-11-10
Inventor: Fadi EL-MOUSSA, Yipeng CHENG
Abstract: A computer implemented method of computer security for a network-connected device communicating via a computer network, by accessing one or more attributes of communication over the network by the device, the communication according with one or more service discovery protocols; classifying the device based on the attributes, the classification having associated a predetermined set of acceptable states of operation of the device; deploying security measures for the device responsive to a detection of a deviation of a state of operation of the device from the acceptable states of operation, wherein the classification is made using a supervised machine learning method trained using training data for a plurality of training network-connected devices each having associated one or more attributes of communication over a network according with the one or more service discovery protocols, and each device having associated a definition of a set of acceptable states of operation.
-
Publication No.: US20220060492A1
Publication date: 2022-02-24
Application No.: US17309528
Application date: 2019-12-01
Inventor: Giulio GIACONI, Yipeng CHENG
Abstract: A computer implemented method of detecting anomalous behavior within a computer network, the method including accessing data records each corresponding to an occurrence of communication occurring via the computer network and including a plurality of attributes of the communication; generating, for each of at least a subset of the data records, a training data item for a neural network, the training data item being derived from at least a portion of the attributes of the record and the neural network having input units and output units corresponding to items in a corpus of attribute values for communications occurring via the network; augmenting the training data by replicating each of one or more training data items responsive to one or more attributes of the data record corresponding to the training data item; training the neural network using the augmented training data so as to define a vector representation for each attribute value in the corpus based on weights in the neural network for an input unit corresponding to the attribute value; repeating the accessing, the generating, the augmenting and the training to generate multiple generations of vector representations for each attribute value in the corpus, each generation corresponding to data records received during a different time period; and for at least a subset of attribute values in the corpus, comparing the multiple generations of vector representations to identify a change in one or more vector representation as an indication of an anomalous change of behavior in the computer network.