Network anomaly detection

US2024283806A1 · US · A1

Patent metadata
Publication number: US-2024283806-A1
Application number: US-202418581779-A
Country: US
Kind code: A1
Filing date: Feb 20, 2024
Priority date: Feb 21, 2023
Publication date: Aug 22, 2024
Grant date:


Abstract

Official abstract text for this publication.

A computer-implemented method of training a network anomaly detection system is disclosed. The method involves generating synthetic benign network data and synthetic anomalous network data and combining the synthetic benign network data and synthetic anomalous network data to generate combined synthetic network data having a predetermined density of anomalous network data. The combined synthetic network data is provided to a trained anomaly detection model, and an accuracy score is determined that is representative of how accurately the trained anomaly detection model recognizes anomalous activity in the combined synthetic network data. If the accuracy score is less than a threshold value, the anomaly detection model is trained with additional network data and a new accuracy score is determined. Otherwise, the predetermined density of anomalous network data is reduced and a new accuracy score is determined until a predetermined stopping criterion is met.
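The evaluate, retrain, and reduce-density loop from the abstract, as an added example that is not code from the patent or its applicant. Assumptions: single-feature Gaussian flows as synthetic data, a cut-off threshold standing in for the detection model, F1 on the anomalous class as the accuracy score, a halving density schedule, and a cap on retraining rounds.

```python
import random

def synth(rng, n, density):
    """Constructed flows: (bytes-per-packet feature, label); label 1 = anomalous."""
    n_anom = round(n * density)
    rows = [(rng.gauss(100, 15), 0) for _ in range(n - n_anom)]
    rows += [(rng.gauss(170, 15), 1) for _ in range(n_anom)]
    rng.shuffle(rows)
    return rows

def f1(rows, cut):
    """Accuracy score: F1 on the anomalous class (plain accuracy would
    approach 1.0 at low density even for a model that flags nothing)."""
    tp = sum(1 for x, y in rows if y and x > cut)
    fp = sum(1 for x, y in rows if not y and x > cut)
    fn = sum(1 for x, y in rows if y and x <= cut)
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def fit(rows):
    """Stand-in for model training: the integer cut-off with the best F1."""
    return max(range(80, 220), key=lambda c: f1(rows, c))

def harden(threshold=0.9, start=0.5, min_density=0.01, n=4000,
           max_retrain=3, seed=7):
    rng = random.Random(seed)
    cut = fit(synth(rng, n, start))          # the already-trained model
    density, log = start, []
    while density >= min_density:            # stopping criterion: minimum density
        score = f1(synth(rng, n, density), cut)
        retrains = 0
        while score < threshold and retrains < max_retrain:
            cut = fit(synth(rng, n, density))        # additional data, same density
            score = f1(synth(rng, n, density), cut)  # fresh data for the new score
            retrains += 1
        log.append((density, round(score, 3), retrains, cut))
        if score < threshold:                # model cannot meet the bar here
            break
        density /= 2                         # otherwise make anomalies rarer
    return log

if __name__ == "__main__":
    for density, score, retrains, cut in harden():
        print(f"density={density:.4f} F1={score:.3f} retrains={retrains} cut={cut}")
```

Each log row records the density tested, the score reached, how many retraining rounds were needed, and the resulting cut-off; a final row below the threshold marks the density at which the detector stopped meeting the bar.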

First claim

Opening claim text (preview).

1. A network anomaly detection system comprising: at least one processor and memory configured to: generate synthetic benign network data and synthetic anomalous network data; combine the synthetic benign network data and synthetic anomalous network data to generate combined synthetic network data having a predetermined density of anomalous network data; provide the combined synthetic network data to a trained anomaly detection model; determine an accuracy score representative of how accurately the trained anomaly detection model recognizes anomalous activity in the combined synthetic network data; and performing one of: responsive to determining that the accuracy score is less than a threshold value, train the anomaly detection model with additional network data and then repeat the providing, the determining, and the performing, or reducing the predetermined density of anomalous network data and repeating the combining, the providing, and the determining until a predetermined stopping criterion is met.

2. The network anomaly detection system of claim 1, wherein the synthetic benign network data is generated using a generative data model with real-world benign network data.

3. The network anomaly detection system of claim 1, wherein the predetermined stopping criterion is a predetermined minimum density of anomalous network data.

4. The network anomaly detection system of claim 1, wherein training the anomaly detection model with additional network data comprises training the anomaly detection model with training data having the predetermined density of anomalous network data.

5. The network anomaly detection system of claim 1, further configured to use the anomaly detection model to detect anomalous activity in real network data subsequent to the training or the reducing.

6. The network anomaly detection system of claim 5, further comprising an anomaly response system configured to perform a mitigative action in response to detection of the anomalous activity.

7. A computer-implemented method of training a network anomaly detection system, the method comprising: generating synthetic benign network data and synthetic anomalous network data; combining the synthetic benign network data and synthetic anomalous network data to generate combined synthetic network data having a predetermined density of anomalous network data; providing the combined synthetic network data to a trained anomaly detection model; determining an accuracy score representative of how accurately the trained anomaly detection model recognizes anomalous activity in the combined synthetic network data; and performing one of: responsive to determining that the accuracy score is less than a threshold value, proceeding by training the anomaly detection model with additional network data and then repeating the providing, the determining, and the performing, or reducing the predetermined density of anomalous network data and repeating the combining, the providing, and the determining until a predetermined stopping criterion is met.

8. The method of claim 7, wherein the synthetic benign network data is generated by a generative data model using real-world benign network data.

9. The method of claim 7 or, wherein the predetermined stopping criterion is a predetermined minimum density of anomalous network data.

10. The method of claim 7, wherein training the anomaly detection model with additional network data comprises training the anomaly detection model with training data having the predetermined density of anomalous network data.

11. A computer-implemented anomaly detection method comprising: training a network anomaly detection system using the method of claim 7; and subsequent to training the network anomaly detection system, using the network anomaly detection system to detect anomalous activity in real network data.

12. The method of claim 11, further comprising performing a mitigative action in response to detecting the anomalous activity.

13. The network anomaly detection system of claim 1, wherein the network anomaly detection system is an intrusion detection system.

14. The method of claim 7, wherein the network anomaly detection system is an intrusion detection system.

15. A non-transitory computer-readable storage medium storing a computer program comprising instructions which, when executed by a computer, cause the computer to carry out the method of claim 7.

Assignees

Inventors

Classifications

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
British Telecomm
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 22, 2024 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).