Assigning outlier-related classifications to traffic flows across multiple time windows

    Publication number: US12027044B2

    Publication date: 2024-07-02

    Application number: US17515309

    Application date: 2021-10-29

    CPC classification number: G08G1/0145 G08G1/0133 G08G1/0141

    Abstract: Systems and methods are provided for combining a multiple sub-time window sampling architecture with machine learning to detect outlier traffic flow behavior which may indicate malicious/problematic network activity. For example, a network device may obtain a sample of traffic flow data during a defined time window. The sample of traffic flow data may comprise information associated with a sampled subset of traffic flows transferred by a network device in the defined time window. The network device may partition the defined time window into two or more sub-time windows. In each sub-time window, using machine learning, the network device may assign an outlier-related classification to each sampled traffic flow based on the relative behavioral characteristics of all the sampled traffic flows. The network device may aggregate the outlier-related classifications for each sampled traffic flow across multiple sub-time windows, and process traffic flows based on the aggregated outlier-related classifications.
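The sub-time-window scheme in the abstract can be sketched as follows. This is an added example, not code from the patent: the abstract does not name the machine-learning model, so a robust median/MAD score over per-flow byte volume stands in for it, and the function names, the 0.5 aggregation threshold and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def classify_subwindow(volume, threshold=3.5):
    """Flag each flow relative to the other sampled flows in one sub-window.
    Stand-in for the ML classifier (assumption): modified z-score via MAD."""
    med = median(volume.values())
    mad = median(abs(v - med) for v in volume.values())
    flags = {}
    for flow, v in volume.items():
        if mad == 0:                      # no spread: any deviation stands out
            flags[flow] = v != med
        else:
            flags[flow] = 0.6745 * abs(v - med) / mad > threshold
    return flags

def classify_window(records, start, length, n_sub, min_fraction=0.5):
    """records: (timestamp, flow_id, bytes) samples taken in the time window.
    Returns {flow_id: (label, sub_windows_flagged, sub_windows_seen)}."""
    width = length / n_sub
    per_sub = [defaultdict(int) for _ in range(n_sub)]
    for ts, flow, nbytes in records:
        if start <= ts < start + length:  # partition into sub-time windows
            per_sub[min(int((ts - start) / width), n_sub - 1)][flow] += nbytes
    flagged, seen = defaultdict(int), defaultdict(int)
    for volume in per_sub:
        if len(volume) < 3:               # too few flows to compare behavior
            continue
        for flow, is_outlier in classify_subwindow(volume).items():
            seen[flow] += 1
            flagged[flow] += is_outlier
    # Aggregate the per-sub-window classifications for each flow.
    return {f: ("outlier" if flagged[f] / seen[f] >= min_fraction else "normal",
                flagged[f], seen[f]) for f in seen}

# Constructed sample: bytes per flow in four 15-second sub-windows of a 60 s window.
# f5 is heavy in three sub-windows; f2 bursts in only one.
_PER_SUBWINDOW = [
    {"f1": 1000, "f2": 1100, "f3": 900, "f4": 1050, "f5": 50000},
    {"f1": 1000, "f2": 60000, "f3": 950, "f4": 1000, "f5": 48000},
    {"f1": 980, "f2": 1020, "f3": 1000, "f4": 1100, "f5": 52000},
    {"f1": 1000, "f2": 1000, "f3": 1010, "f4": 990, "f5": 1005},
]
SAMPLE = [(i * 15 + 1.0, flow, nbytes)
          for i, row in enumerate(_PER_SUBWINDOW) for flow, nbytes in row.items()]

if __name__ == "__main__":
    for flow, verdict in sorted(classify_window(SAMPLE, 0.0, 60.0, 4).items()):
        print(flow, verdict)
```

Aggregating across sub-windows is what separates the sustained outlier (f5) from the single-burst flow (f2), which a one-shot classification over the whole window would not distinguish as cleanly.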
