What technology area does this patent fall under?

Primary CPC classification H04L63/1458. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Jul 10 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Network state information correlation to detect anomalous conditions

US10021130B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10021130-B2
Application number	US-201514868158-A
Country	US
Kind code	B2
Filing date	Sep 28, 2015
Priority date	Sep 28, 2015
Publication date	Jul 10, 2018
Grant date	Jul 10, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

State information relating to the operation of network devices is used to identify network issues and/or anomalies relating to the operation of the network. The state information from the network devices may include time-series signals from a number of the network devices. Correlation values may be obtained between pairs of time-series signals. Pairs of time-series signals that have a relatively high correlation value may be determined to be related to one another. In one implementation, mitigation of the network issues/anomalies may be automatically performed based on calculated correlation values.

First claim

Opening claim text (preview).

What is claimed is: 1. A device comprising: a non-transitory computer-readable medium containing program instructions; and one or more processors to execute the program instructions to: receive state information, from a plurality of network router devices, the state information corresponding to traffic throughput measurements at interfaces of the plurality of network router devices; generate a plurality of time-series signals corresponding to the received state information; identify a reference time-series signal, from the plurality of time-series signals, as a time-series signal that corresponds to a particular network router device, of the plurality of network router devices, for which an alarm has been generated that indicates potential problems or issues with the particular network device; calculate a plurality of correlation values, each of the plurality of correlation values being calculated as a correlation between the reference time-series signal and one of the plurality of time-series signals that corresponds to one of the plurality of network router devices other than the particular network device; sort the calculated plurality of correlation values; identify, based on the sorted plurality of correlation values, one or more of the plurality of network router devices, in addition to the particular network router device, that are likely to also be associated with the potential problems or issues of the particular network device; and output an indication of the identified network router devices as network router devices that are likely to be undergoing an anomalous condition. 2. The device of claim 1 , wherein identifying the reference time-series signal includes: determining when one of the plurality of time-series signals matches a pattern; and identifying the reference time-series signal as the time-series signal that matches the pattern. 3. The device of claim 1 , wherein the sorting of the correlation values includes sorting the correlation values in descending order. 4. The device of claim 1 , wherein the one or more processors are further to execute the program instructions to: determine network topology information corresponding to a network associated with the plurality of network devices; and determine, based on the network topology information, time-series signals that correspond to network devices, of the plurality of network devices, that are in the vicinity of the network device associated with the reference time-series signal, wherein the plurality of correlation values are calculated between the reference time-series signals and the time-series signals that are determined to correspond to the network devices in the vicinity of the of the network device associated with the reference time-series signal. 5. The device of claim 4 , wherein the network topology information includes connections between the plurality of network devices. 6. The device of claim 4 , wherein the network topology information includes information identifying geographical locations of the plurality of network devices. 7. The device of claim 1 , wherein the device further comprises processing logic to: identify, based on the calculated correlation values, interfaces of the routers that are under Distributed Denial of Service (DDoS) attack; and adjust parameters corresponding to the routers to mitigate the effects of the DDoS attack. 8. A method, implemented by one or more computing devices, comprising: receiving, by the one or more computing devices, state information, from a plurality of network router devices, the state information corresponding to traffic throughput measurements at interfaces of the plurality of network router devices; generating, by the one or more computing devices, a plurality of time-series signals corresponding to the received state information; identifying, by the one or more computing devices, a reference time-series signal, from the plurality of time-series signal, as a time-series signal that corresponds to a particular network router device, of the plurality of network router devices, for which an alarm has been generated that indicates potential problems or issues with the particular network device; calculating, by the one or more computing devices, a plurality of correlation values, each of the plurality of correlation values being calculated as a correlation between the reference time-series signal and one of the plurality of time-series signals that correspond to one of the plurality of network router devices other than the particular network device; sorting the calculated plurality of correlation values; identifying, based on the sorted plurality of correlation values, one or more of the plurality of network router devices, in addition to the particular network router device, that are likely to also be associated with the potential problems or issues of the particular network device; and outputting an indication of the identified network router devices as network router devices that are likely to be undergoing an anomalous condition. 9. The method of claim 8 , wherein the sorting of the correlation values includes sorting the correlation values in descending order. 10. The method of claim 8 , wherein the method further comprises: identifying, based on the calculated correlation values, interfaces of the routers that are under Distributed Denial of Service (DDoS) attack; and adjusting parameters corresponding to the routers to mitigate the effects of the DDoS attack. 11. A non-transient computer-readable medium containing program instructions for causing a computer to: receive state information, from a plurality of network router devices, the state information corresponding to traffic throughput measurements at interfaces of the plurality of network router devices; generate a plurality of time-series signals corresponding to the received state information; identify a reference time-series signal, from the plurality of time-series signals, as a time-series signal that corresponds to a particular network router device, of the plurality of network router devices, for which an alarm has been generated that indicates potential problems or issues with the particular network device; calculate a plurality of correlation values, each of the plurality of correlation values being calculated as a correlation between the reference time-series signal and one of the plurality of time-series signals that corresponds to one of the plurality of network router devices other than the particular network device; sort the calculated plurality of correlation values; identify, based on the sorted plurality of correlation values, one or more of the plurality of network router devices, in addition to the particular network router device, that are likely to also be associated with the potential problems or issues of the particular network device; and output an indication of the identified network router devices as network router devices that are likely to be undergoing an anomalous condition. 12. The computer-readable medium of claim 11 , wherein identifying the reference time-series signal includes: determining when one of the plurality of time-series signals matches a pattern; and identifying the reference time-series signal as the time-series signal that matches the pattern. 13. The computer-readable medium of claim 11 , wherein the sorting of the correlation values includes sorting the correlation values in descending order. 14. The computer-readable medium of claim 11 , wherein the program instructions further cause the computer to: determine network topology information corresponding to a

Assignees

Verizon Patent & Licensing Inc

Inventors

Srivastava Ashok N

Classifications

H04L41/12
Discovery or management of network topologies · CPC title
H04L63/1416
Event detection, e.g. attack signature detection · CPC title
H04L63/1458Primary
Denial of Service · CPC title
H04L43/08
Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters · CPC title
H04L43/0888
Throughput · CPC title

Patent family

Related publications grouped by family.

View patent family 58409407

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10021130B2 cover?: State information relating to the operation of network devices is used to identify network issues and/or anomalies relating to the operation of the network. The state information from the network devices may include time-series signals from a number of the network devices. Correlation values may be obtained between pairs of time-series signals. Pairs of time-series signals that have a relativel…
Who is the assignee on this patent?: Verizon Patent & Licensing Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/1458. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Jul 10 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).