US 12,261,866 B1
Time series anomaly detection
Ting-Fang Yen, Palo Alto, CA (US); Isha Singhal, Milpitas, CA (US); Andrew D. Twigg, Belmont, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Fortinet, Inc., Sunnyvale, CA (US)
Filed on Aug. 10, 2022, as Appl. No. 17/884,824.
Application 17/884,824 is a continuation in part of application No. 17/504,311, filed on Oct. 18, 2021, granted, now 11,677,772.
Application 17/504,311 is a continuation of application No. 16/665,961, filed on Oct. 28, 2019, granted, now 11,153,339, issued on Oct. 19, 2021.
Application 16/665,961 is a continuation of application No. 16/134,794, filed on Sep. 18, 2018, granted, now 10,581,891, issued on Mar. 3, 2020.
Claims priority of provisional application 63/332,153, filed on Apr. 18, 2022.
Claims priority of provisional application 63/329,710, filed on Apr. 11, 2022.
Claims priority of provisional application 63/253,886, filed on Oct. 8, 2021.
Claims priority of provisional application 63/242,334, filed on Sep. 9, 2021.
Claims priority of provisional application 63/233,052, filed on Aug. 13, 2021.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. H04L 9/40 (2022.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 41/0631 (2022.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 43/067 (2022.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01); G06F 16/2455 (2019.01)
CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 41/064 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 43/067 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A method of time series anomaly detection, the method comprising:
gathering data associated with a particular event type and a user;
generating, based on the data, a time series analysis;
detecting an anomaly based on the time series analysis;
generating information describing the anomaly, wherein the information comprises an observation record that is one of a plurality of observation records; and
presenting a user interface describing a degree of satisfaction, based on the plurality of observation records, of a plurality of conditions comprising a top-level condition and one or more dependent conditions required to satisfy the top-level condition.