US 12,244,479 B2
Detecting behavioral change of IoT devices using novelty detection based behavior traffic modeling
Ke Tian, San Jose, CA (US); Yilin Zhao, San Jose, CA (US); Xiaoyi Duan, Santa Clara, CA (US); and Jun Du, Cupertino, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Nov. 28, 2023, as Appl. No. 18/520,915.
Application 18/520,915 is a continuation of application No. 17/649,223, filed on Jan. 28, 2022, granted, now 11,888,718.
Prior Publication US 2024/0098008 A1, Mar. 21, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06N 20/00 (2019.01); G06F 21/50 (2013.01); H04L 43/0876 (2022.01)
CPC H04L 43/0876 (2013.01)
24 Claims
 
1. A method comprising:
for each of a set of one or more device identifiers indicated in network traffic, determining similarity measurements for variables across time intervals of the network traffic, wherein the variables are variables previously identified as correlating to device behavior and device identity;
for each set of similarity measurements determined for each device identifier,
generating a feature vector with the set of similarity measurements;
inputting the feature vector into a local outlier factor with novelty detection model that was trained based on network traffic constrained to devices with stable behavior; and
indicating detection of an anomaly if the local outlier factor with novelty detection indicates an outlier.
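
A minimal sketch of the pipeline claim 1 describes, added here as an illustration and not taken from the patent or from any Palo Alto Networks implementation. The variable names (`dst_ports`, `dst_hosts`), the choice of Jaccard similarity averaged over consecutive intervals, k=3, the 1.5 cutoff and all sample data are assumptions.

```python
import math

def jaccard(a, b):
    """Similarity of one variable's observed values in two time intervals."""
    a, b = set(a), set(b)
    return 1.0 if not (a | b) else len(a & b) / len(a | b)

def feature_vector(intervals, variables):
    """One entry per variable: mean similarity between consecutive intervals."""
    vec = []
    for v in variables:
        sims = [jaccard(p[v], q[v]) for p, q in zip(intervals, intervals[1:])]
        vec.append(sum(sims) / len(sims))
    return vec

class NoveltyLOF:
    """Local outlier factor fitted on stable devices only; queries are scored
    against that training set and never added to it (novelty detection)."""
    def __init__(self, k=3, threshold=1.5):  # assumed parameters
        self.k, self.threshold = k, threshold

    def fit(self, X):
        self.X = X
        nbrs = [self._knn(x, skip=i) for i, x in enumerate(X)]
        self.kdist = [n[-1][0] for n in nbrs]      # distance to k-th neighbour
        self.lrd = [self._lrd(n) for n in nbrs]    # local reachability density
        return self

    def _knn(self, x, skip=None):
        d = sorted((math.dist(x, y), j) for j, y in enumerate(self.X) if j != skip)
        return d[:self.k]

    def _lrd(self, nbrs):
        reach = [max(d, self.kdist[j]) for d, j in nbrs]
        return len(reach) / max(sum(reach), 1e-10)

    def score(self, x):
        nbrs = self._knn(x)
        return sum(self.lrd[j] for _, j in nbrs) / (len(nbrs) * self._lrd(nbrs))

    def is_outlier(self, x):
        return self.score(x) > self.threshold

VARS = ["dst_ports", "dst_hosts"]  # hypothetical behavior/identity variables
# Constructed feature vectors for devices assumed to have stable behavior.
STABLE_TRAIN = [[1.0, 0.75], [0.95, 0.8], [1.0, 0.8], [0.9, 0.7],
                [0.95, 0.75], [1.0, 0.85], [0.9, 0.8], [0.95, 0.7]]
# Constructed per-interval observations for two device identifiers.
STABLE_DEV = [{"dst_ports": {443, 123}, "dst_hosts": h} for h in ("abc", "abcd", "abc")]
CHANGED_DEV = [{"dst_ports": {443, 123}, "dst_hosts": "abc"},
               {"dst_ports": {443, 123, 23}, "dst_hosts": "abc"},
               {"dst_ports": {23, 2323}, "dst_hosts": "xyz"}]
MODEL = NoveltyLOF().fit(STABLE_TRAIN)
```

Because the model is fitted only on stable devices, a device whose interval-to-interval similarity collapses lands far from every training neighbourhood and receives a score well above the cutoff.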