DETECTING UNEVEN LOAD BALANCING THROUGH MULTI-LEVEL OUTLIER DETECTION

    Publication number: US20180309822A1

    Publication date: 2018-10-25

    Application number: US15496675

    Application date: 2017-04-25

    CPC classification number: H04L67/1008 H04L41/0893 H04L41/142

    Abstract: The present disclosure is directed towards systems and methods of detecting a cause of anomalous load balancing among a plurality of servers. A device intermediary to a plurality of clients and a plurality of servers collects values of a plurality of counters. The device identifies a server of the plurality of servers that is an outlier. The device can identify a counter of the plurality of counters that is an outlier based on at least a comparison of values of each of the plurality of counters for each of the plurality of servers. The device can provide, responsive to the determination, an indication that a value of the counter is a factor causing the server to have uneven load balancing during the time interval.

    FEATURE ENGINEERING FOR WEB-BASED ANOMALY DETECTION

    Publication number: US20170126709A1

    Publication date: 2017-05-04

    Application number: US14927580

    Application date: 2015-10-30

    CPC classification number: H04L63/1416 H04L63/1425 H04L63/1441 H04L63/1458

    Abstract: The present disclosure is directed towards systems and methods for detecting anomalous network traffic. Network traffic corresponding to an application executed by a server can be received. Application characteristics of the application can be identified to select an anomaly detection profile. The anomaly detection profile can be selected based on the identified application characteristics. The anomaly detection profile can include a set of detection features for the anomaly and one or more predetermined threshold values of the detection features. One or more feature values of the set of one or more detection features can be determined. An anomaly in the network traffic can be detected responsive to comparing the feature values and the predetermined threshold values of the detection features.

    ANOMALY DETECTION WITH K-MEANS CLUSTERING AND ARTIFICIAL OUTLIER INJECTION

    Publication number: US20170124478A1

    Publication date: 2017-05-04

    Application number: US14927553

    Application date: 2015-10-30

    Abstract: The present disclosure is directed towards systems and methods for improving anomaly detection using injected outliers. A normalcy calculator of a device may include a set of outliers into a training dataset of data points. The normalcy calculator, using a K-means clustering algorithm applied on the training dataset, identifies at least a first cluster of data points. The normalcy calculator of the device may determine a region with a center and an outer radius that covers at least a spatial extent of the first cluster of data points. The normalcy calculator may determine a first normalcy radius for the first cluster by reducing the region around the center until a point at which all artificial outliers are excluded from a region defined by the first normalcy radius. An outlier detector of the device may use the region defined by the first normalcy radius to determine whether a new data point is normal or abnormal.

    FEATURE ENGINEERING FOR WEB-BASED ANOMALY DETECTION

    Publication number: US20200067948A1

    Publication date: 2020-02-27

    Application number: US16666092

    Application date: 2019-10-28

    Abstract: The present disclosure is directed towards systems and methods for detecting anomalous network traffic. Network traffic corresponding to an application executed by a server can be received. Application characteristics of the application can be identified to select an anomaly detection profile. The anomaly detection profile can be selected based on the identified application characteristics. The anomaly detection profile can include a set of detection features for the anomaly and one or more predetermined threshold values of the detection features. One or more feature values of the set of one or more detection features can be determined. An anomaly in the network traffic can be detected responsive to comparing the feature values and the predetermined threshold values of the detection features.

    Framework for explaining anomalies in accessing web applications

    Publication number: US10116674B2

    Publication date: 2018-10-30

    Application number: US14928217

    Application date: 2015-10-30

    Abstract: The present disclosure is directed towards systems and methods for characterizing anomalous network traffic. The system includes a device intermediary to clients and servers. The device includes a network traffic engine to receive network traffic including an anomaly. The device includes a univariate policy manager to determine whether the network traffic satisfies at least one of the rules of a univariate policy based on a respective single independent network traffic feature. The device includes a multivariate policy manager to determine, responsive to determining that the network traffic does not satisfy the rules of the univariate policy, that the network satisfies a multivariate policy including a plurality of anomaly explanation tests. The device includes an anomaly explanation selector to select, responsive to determining that the network traffic satisfies the multivariate policy, an anomaly explanation. The device includes a message generator to generate an anomaly explanation output including the selected anomaly explanation.

    Detecting uneven load balancing through multi-level outlier detection

    Publication number: US11165856B2

    Publication date: 2021-11-02

    Application number: US15496675

    Application date: 2017-04-25

    Abstract: The present disclosure is directed towards systems and methods of detecting a cause of anomalous load balancing among a plurality of servers. A device intermediary to a plurality of clients and a plurality of servers collects values of a plurality of counters. The device identifies a server of the plurality of servers that is an outlier. The device can identify a counter of the plurality of counters that is an outlier based on at least a comparison of values of each of the plurality of counters for each of the plurality of servers. The device can provide, responsive to the determination, an indication that a value of the counter is a factor causing the server to have uneven load balancing during the time interval.

    SYSTEMS AND METHODS FOR MONITORING SECURITY OF AN ORGANIZATION BASED ON A NORMALIZED RISK SCORE

    Publication number: US20200045064A1

    Publication date: 2020-02-06

    Application number: US16283260

    Application date: 2019-02-22

    Abstract: Embodiments described include a computing device for generating risk scores of network entities. The computing device can include one or more processors configured to detect a plurality of risk indicators. Each of the risk indicators identifies one of a plurality of activities of a network entity of an organization. The network entity includes a device, an application or a user in the organization's network. The one or more processors can generate a risk score of the network entity, by combining a risk value, an amplification factor and a dampening factor of each of the plurality of risk indicators, and adding an adjustment value for the plurality of risk indicators. The one or more processors can determine, using the generated risk score, a normalized risk score of the network entity. The one or more processors can initiate an action according to the normalized risk score.

    Feature engineering for web-based anomaly detection

    Publication number: US10476893B2

    Publication date: 2019-11-12

    Application number: US14927580

    Application date: 2015-10-30

    Abstract: The present disclosure is directed towards systems and methods for detecting anomalous network traffic. Network traffic corresponding to an application executed by a server can be received. Application characteristics of the application can be identified to select an anomaly detection profile. The anomaly detection profile can be selected based on the identified application characteristics. The anomaly detection profile can include a set of detection features for the anomaly and one or more predetermined threshold values of the detection features. One or more feature values of the set of one or more detection features can be determined. An anomaly in the network traffic can be detected responsive to comparing the feature values and the predetermined threshold values of the detection features.
