US 12,231,451 B2
Foundational model for network packet traces
Mudhakar Srivatsa, White Plains, NY (US); Davis Wertheimer, White Plains, NY (US); Franck Vinh Le, West Palm Beach, FL (US); Utpal Mangla, Toronto (CA); Satishkumar Sadagopan, Leawood, KS (US); Mathews Thomas, Flower Mound, TX (US); and Dinesh C. Verma, New Castle, NY (US)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on Oct. 20, 2022, as Appl. No. 18/048,059.
Prior Publication US 2024/0137375 A1, Apr. 25, 2024
Prior Publication US 2024/0236124 A9, Jul. 11, 2024
Int. Cl. H04L 9/40 (2022.01); H04L 41/16 (2022.01); H04L 43/04 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 41/16 (2013.01); H04L 43/04 (2013.01)]
17 Claims
 
1. A computer-implemented method comprising:
receiving network traffic of a network;
extracting features from the network traffic, the features having a function related to communications in the network, wherein the features comprise a sequence of fully qualified domain names (FQDNs);
generating tokens from the features, each of the features corresponding to a respective one of the tokens;
training a machine learning model by inputting the tokens, the machine learning model being trained to output contextual embeddings for the tokens, wherein one or more of the tokens are masked by corrupting the one or more of the tokens during the training of the machine learning model; and
using the contextual embeddings to determine an anomaly in the network traffic.