| CPC H04L 63/1425 (2013.01) [G06N 20/00 (2019.01); H04L 63/1416 (2013.01)] | 18 Claims |
|
1. A method comprising:
identifying a set of devices in a knowledge base, the set of devices having a same characteristic as a first device, the first device being a network-connected device transmitting data to a client device;
defining an amount of data to retrieve from the first device for use by an anomaly detection system based on a set of performance requirements of the first device and usage data of the set of devices, defining the amount of data including:
running a supervised machine learning model using tiers-of-data labels representing amounts of data to be retrieved; and
determining a tier of data of the first device according to the supervised machine learning model, wherein the tier of data is the amount of data to be retrieved from the first device;
defining a frequency for retrieving the amount of data from the first device based on a set of performance requirements of the first device and usage data of the set of devices;
monitoring for compliance of the first device to the set of performance requirements while transmitting data to the client device while the first device operates according to the defined frequency of data retrieval and the defined amount of data to be retrieved for the anomaly detection system; and
responsive to compliance to the set of performance requirements being detected, recording to the knowledge base the first device, characteristics of the first device including the same characteristic, the amount of data, and the frequency of data retrieval.
|