Invention Publication
- Patent Title: ANOMALY DETECTION USING LOGS
-
Application No.: US18465074Application Date: 2023-09-11
-
Publication No.: US20240118957A1Publication Date: 2024-04-11
- Inventor: Péter SZILÁGYI , Gabor HORVATH , Attila KADAR
- Applicant: Nokia Solutions and Networks Oy
- Applicant Address: FI Espoo
- Assignee: Nokia Solutions and Networks Oy
- Current Assignee: Nokia Solutions and Networks Oy
- Current Assignee Address: FI Espoo
- Priority: WO TIB2022059636 2022.10.07
- Main IPC: G06F11/07
- IPC: G06F11/07
Abstract:
Converting each log of a sequence of N logs into an identifier among K different identifiers to obtain a sequence of N identifiers;
for each n between 0 and N:
for each K identifier: counting occurrences of the identifier among the first n identifiers of the sequence to obtain a front frequency of the identifier for the respective n; and
for each K identifier: counting occurrences of the identifier among the last N−n identifiers of the sequence to obtain a rear frequency of the identifier for the respective n;
arranging front frequencies and rear frequencies in a count vector;
inputting the count vector an autoencoder to obtain an output vector for the respective n;
determining a difference between the output vector and the count vector;
marking the sequence as anomalous if the difference between the output vector and the count vector is larger than a threshold.
for each n between 0 and N:
for each K identifier: counting occurrences of the identifier among the first n identifiers of the sequence to obtain a front frequency of the identifier for the respective n; and
for each K identifier: counting occurrences of the identifier among the last N−n identifiers of the sequence to obtain a rear frequency of the identifier for the respective n;
arranging front frequencies and rear frequencies in a count vector;
inputting the count vector an autoencoder to obtain an output vector for the respective n;
determining a difference between the output vector and the count vector;
marking the sequence as anomalous if the difference between the output vector and the count vector is larger than a threshold.
Information query
