CPC G06F 11/079 (2013.01) [G06F 11/0709 (2013.01); G06F 11/0769 (2013.01); G06F 11/0793 (2013.01); G06F 16/9024 (2019.01); G06N 3/08 (2013.01); G06N 5/022 (2013.01); H04L 41/065 (2013.01); H04L 41/069 (2013.01); H04L 41/0636 (2013.01); H04L 41/12 (2013.01); H04L 41/145 (2013.01)] | 20 Claims |
11. A computer-implemented method, the method comprising:
determining a plurality of events within a network;
determining, from the plurality of events, a plurality of causal event pairs, each causal event pair connected by a directional edge having a causal score indicating a strength of causation;
generating a cluster tree of candidate event clusters, each candidate event cluster having at least one included causal event pair of the plurality of causal event pairs and having a cluster score defined by the at least one included causal event pair; and
selecting an event cluster from the candidate event clusters, based on the cluster scores, to thereby identify a situation within the network.
|