US 11,914,461 B1
Organization segmentation for anomaly detection
John Eugene Neystadt, Kfar-Saba (IL); Evgeny Gilgurt, Ramat-Gan (IL); Igor Grossman, Even-Yehuda (IL); and Ori Katz, Kiryat Ono (IL)
Assigned to VARONIS SYSTEMS, INC.
Filed by VARONIS SYSTEMS, INC., New York, NY (US)
Filed on Sep. 13, 2022, as Appl. No. 17/943,230.
Int. Cl. G06F 11/07 (2006.01); G06F 11/34 (2006.01)
CPC G06F 11/0781 (2013.01) [G06F 11/0793 (2013.01); G06F 11/3447 (2013.01)]
20 Claims
1. A method of detecting and handling anomalies in a network, comprising:
collecting meta-data related to an environment of each organization using the network; wherein each organization deploys one or more computers connected to the network;
extracting features from the meta-data;
clustering organizations having common features into segments;
collecting training data from all organizations;
grouping the training data according to the segments;
training a model for each segment with event data to detect and handle anomalies;
analyzing event data of a segment with a respective model for that segment:
providing a decision score responsive to the analyzing; and
handling the anomaly based on the decision score.
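A minimal sketch of the steps in claim 1, added here as an illustration and not taken from the patent or from any Varonis product. The feature choice, the bucketing used in place of a clustering algorithm, the median/MAD model, the thresholds and all sample data are assumptions made for the example.

```python
import math
from collections import defaultdict
from statistics import median

# Constructed sample meta-data: one record per organization.
ORG_META = {
    "org-a": {"users": 40, "platform": "cloud"},
    "org-b": {"users": 65, "platform": "cloud"},
    "org-c": {"users": 3000, "platform": "on-prem"},
    "org-d": {"users": 8000, "platform": "on-prem"},
}
# Constructed training data: file accesses per hour observed in each organization.
TRAINING = {
    "org-a": [10, 12, 11, 9, 13], "org-b": [11, 10, 12, 14, 10],
    "org-c": [400, 420, 390, 450, 410], "org-d": [430, 405, 415, 395, 440],
}

def extract_features(meta):
    """Feature tuple (assumed): order of magnitude of user count, plus platform."""
    return (int(math.log10(meta["users"])), meta["platform"])

def cluster(org_meta):
    """Segment = organizations sharing a feature tuple (stand-in for a real clusterer)."""
    segments = defaultdict(list)
    for org, meta in org_meta.items():
        segments[extract_features(meta)].append(org)
    return dict(segments)

def train(segments, training):
    """One model per segment: median and MAD of the segment's pooled training data."""
    models = {}
    for seg, orgs in segments.items():
        pooled = [v for org in orgs for v in training[org]]
        med = median(pooled)
        mad = median(abs(v - med) for v in pooled) or 1.0  # avoid division by zero
        models[seg] = (med, mad)
    return models

def decision_score(org, value, org_meta, models):
    """Robust z-score of an event value against the model of the org's segment."""
    med, mad = models[extract_features(org_meta[org])]
    return abs(value - med) / (1.4826 * mad)

def handle(score, alert_at=3.5, block_at=10.0):
    """Map the decision score to an action; both thresholds are assumptions."""
    return "block" if score >= block_at else "alert" if score >= alert_at else "ignore"

MODELS = train(cluster(ORG_META), TRAINING)
```

With this data, 400 accesses per hour scores as an anomaly for `org-a` but as normal for `org-c`, which is the effect of scoring each organization against its own segment's model instead of a single global one.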