| CPC H04L 41/064 (2013.01) [H04L 41/069 (2013.01); H04L 41/0609 (2013.01); H04L 41/0654 (2013.01); H04L 43/067 (2013.01)] | 20 Claims |
|
1. An apparatus for identifying network anomalies, the apparatus comprising:
a communication interface configured to receive one or more of performance management (PM) data, alarm data, and configuration management (CM) data from one or more devices on a network, and
a processor operably connected to the communication interface, the processor configured to:
determine a cumulative anomaly score over a predefined time range based on a subset of historical PM samples;
determine an anomaly ratio of a first time window and a second time window, based on the cumulative anomaly score, wherein the first time window is before one or more CM parameter changes and the second time window is a time window during and after the one or more CM parameter changes;
determine one or more anomaly events coinciding with the one or more CM parameter changes based on the anomaly ratio;
collate the PM data, the alarm data, and the CM data into combined data set based on matching fields and timestamps;
generate a set of rules linking one or more CM parameter changes and the collated data to anomaly events;
control the apparatus to transmit the set of rules to a controller of the network;
generate root cause explanations for CM parameter changes that are linked to anomaly events;
identify a reference data source among two or more data sources that report key performance indicators (KPIs); and
determine whether to modify a granularity of reporting of KPIs to be a finer granularity or a more coarse granularity based on a granularity of reporting of KPIs that corresponds to the reference data source.
|