| CPC H04L 41/147 (2013.01) [H04L 41/06 (2013.01); H04L 41/145 (2013.01); H04L 43/08 (2013.01)] | 20 Claims |
|
1. A method comprising:
detecting, through a server of a cloud computing network comprising a plurality of subscribers of application acceleration as a service provided by the cloud computing network at a corresponding plurality of client devices communicatively coupled to the server, a set of point anomalies in real-time data associated with each network entity of a plurality of network entities of the cloud computing network for each feature thereof in sequential time based on determining whether the real-time data falls outside at least one first threshold expected value thereof;
computing, through the server, anomaly scores for the detected set of point anomalies indicative of anomalousness thereof;
determining, through the server, an event associated with a pattern of change of the real-time data associated with the each network entity for the each feature thereof based on the detected set of point anomalies and the computed anomaly scores;
determining, through the server, data correlation scores for the point anomalies associated with the event that reflect commonness of the event by way of at least one combination of features that has led to the event;
in accordance with reading the anomaly scores associated with the event as an input feedback to the server, the each feature of the each network entity as a dimension of the input feedback and a category of the event as a label of the event and in accordance with the determination of the data correlation scores, predictively classifying, through the server, a future event into a predicted category thereof in accordance with subjecting the anomaly scores associated with the event to a binning process and interpreting a severity indicator of the event also input thereto;
refining, through the server, the predictive classification of the future event based on a subsequent input to the server from a client device of the plurality of client devices that modifies a classification model for predictively classifying the future event into the predicted category;
representing, through the server, each detected point anomaly of the set of point anomalies in a full mesh Q node graph, wherein Q is a number of features applicable for the each network entity;
capturing, through the server, a transition in the each detected point anomaly associated with a newly detected one of: anomaly and non-anomaly in the real-time data associated with the each feature of the each network entity of the Q number of features via the representation of the full mesh Q node graph;
deriving, through the server, a current data correlation score for the each detected point anomaly across the captured transition as:
 wherein CS is the current data correlation score for the each detected point anomaly across the captured transition, APC is a count of a total number of pairs of Y current anomalous features in the Q number of features and is given by YC2+YC1, EWPi is a weight of an edge of the ith pair of the Y current anomalous features in the representation of the full mesh Q node graph, and TSAC is a total number of time samples of the each detected point anomaly comprising the captured transition, and
wherein the current data correlation score is indicative of a commonness of a combination of the Y current anomalous features contributing to the each detected point anomaly with respect to an equivalent Y anomalous features contributing to another previously detected point anomaly associated with the each network entity; and
utilizing the current data correlation score to predictively classify, through the server, the future event into the predicted category thereof.
|