CPC H04L 63/1425 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1466 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |
1. An anomaly detection system comprising:
a database; and
a server connected to the database, the server configured to identify anomalous web traffic of a client key from a first time period, the server including a processing unit and a memory, the server configured to:
receive the web traffic data from the database,
calculate, using the processing unit, a z-score metric for the client key, wherein the z-score metric indicates a deviation of at least one value of a first attribute of the client key with respect to other values of the first attribute (i) of the client key from other time periods or (ii) of other client keys,
calculate, using the processing unit, a change rate metric for the client key based on the at least one value of the first attribute from the first time period compared to another value of the first attribute of the client key from another time period,
calculate, using the processing unit, a failure metric for the client key, and
determine that the first time period is an anomalous time period based on the z-score metric, the change rate metric, and the failure metric.
|