	US 12,095,639 B2
	Method, device and system for improving performance of point anomaly based data pattern change detection associated with network entity features in a cloud-based application acceleration as a service environment
Justin Joseph, Karnataka (IN); Shyamtanu Majumder, Karnataka (IN); Parth Arvindbhai Patel, Gujarat (IN); and Johny Nainwani, Rajasthan (IN)
Assigned to Aryaka Networks, Inc., Newark, CA (US)
Filed by Justin Joseph, Karnataka (IN); Shyamtanu Majumder, Karnataka (IN); Parth Arvindbhai Patel, Gujarat (IN); and Johny Nainwani, Rajasthan (IN)
Filed on Dec. 27, 2022, as Appl. No. 18/088,806.
Application 18/088,806 is a continuation in part of application No. 17/348,746, filed on Jun. 15, 2021, granted, now 11,916,765.
Application 17/348,746 is a continuation in part of application No. 16/660,813, filed on Oct. 23, 2019, granted, now 11,070,440, issued on Jul. 20, 2021.
Prior Publication US 2023/0140793 A1, May 4, 2023
Int. Cl. H04L 43/0823 (2022.01); H04L 43/06 (2022.01)

CPC H04L 43/0823 (2013.01) [H04L 43/06 (2013.01)]

20 Claims

1. A method comprising:

detecting, through a server of a cloud computing network comprising a plurality of subscribers of application acceleration as a service provided by the cloud computing network at a corresponding plurality of client devices communicatively coupled to the server, a set of point anomalies in real-time data associated with each network entity of a plurality of network entities of the cloud computing network for each feature thereof in sequential time based on determining whether the real-time data falls outside at least one first threshold expected value thereof;

determining, through the server, at least a subset of the set of point anomalies as a sequential series of continuous anomalies based on a separation in time between immediately next point anomalies thereof in the sequential time being equal to or below a second threshold value in time;

incrementally adding, through the server, a point anomaly of the set of point anomalies in an order of the sequential time to the sequential series of continuous anomalies until the point anomaly to be added is separated in time from a last added point anomaly to the sequential series of continuous anomalies for a duration above the second threshold value in time to determine a current longest occurring sequence of anomalies in the set of point anomalies;

in light of new point anomalies of the set of point anomalies in the real-time data detected via the server for the each network entity for the each feature thereof, improving performance of determination of a subsequent longest occurring sequence of anomalies in the set of point anomalies based on combining, through the server, the determined current longest occurring sequence of anomalies incrementally with at least one new point anomaly of the new point anomalies as compared to iteration therefor through an entirety of the sequence in time; and

detecting, through the server, at least one anomaly in the real-time data associated with the each network entity for the each feature thereof including at least one point anomaly of the set of point anomalies in accordance with computing a score for the at least one anomaly indicative of anomalousness thereof, the computation of the score involving both relative scoring and absolute deviation scoring, and the absolute deviation scoring being based on previous data deviations from reference data bands.