US 12,432,127 B2
Framework for anomaly detection with dynamic model selection
Bo David Gustavsson, Monument, CO (US)
Assigned to AXELLIO INC., Colorado Springs, CO (US)
Filed by Axellio Inc., Colorado Springs, CO (US)
Filed on Feb. 16, 2023, as Appl. No. 18/170,281.
Claims priority of provisional application 63/310,924, filed on Feb. 16, 2022.
Prior Publication US 2023/0261957 A1, Aug. 17, 2023
Int. Cl. H04L 43/04 (2022.01); G06N 3/0455 (2023.01); G06N 3/0499 (2023.01); G06N 3/0985 (2023.01); H04L 43/02 (2022.01)
CPC H04L 43/04 (2013.01) [G06N 3/0455 (2023.01); G06N 3/0499 (2023.01); G06N 3/0985 (2023.01); H04L 43/02 (2013.01)]
17 Claims
 
1. A system comprising:
at least one processor; and
a non-transitory computer readable medium in communication with the processor, the non-transitory computer readable medium having encoded thereon a set of instructions executable by the processor to:
obtain a vector, wherein the vector is generated based, at least in part, on entity information extracted from captured network traffic and an event generated based on the entity information;
determine an entity type based on the entity information;
select a model from a model inventory based, at least in part, on the entity type associated with the vector, wherein the model inventory comprises a plurality of models;
adjust at least one clustering parameter of one or more clustering parameters of the model based, at least in part, on the entity information, wherein the at least one clustering parameter includes a cluster count;
perform cluster analysis on the vector utilizing the model; and
determine whether captured network traffic associated with the vector is anomalous based on the cluster analysis.
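The steps of claim 1, sketched as an added example that is not taken from the patent or from Axellio's code. It shows why the cluster count is tuned per entity: the same vector is normal with the right count and flagged with the wrong one. The k-means algorithm, the distance threshold, the two-feature vectors, the listening-port rule for entity type and the one-cluster-per-service tuning are all assumptions; the baseline data is constructed.

```python
import math

# Constructed baseline vectors per entity type: (bytes_out_kb, distinct_dst_ports).
MODEL_INVENTORY = {
    "server": {"k": 2, "threshold": 15.0,
               "baseline": [(500, 2), (510, 2), (495, 3), (50, 1), (55, 1), (48, 2)]},
    "workstation": {"k": 1, "threshold": 10.0,
                    "baseline": [(20, 5), (25, 6), (22, 4), (18, 5)]},
}

def entity_type(info):
    # Assumed rule: an entity that accepts inbound connections is a server.
    return "server" if info.get("listening_ports") else "workstation"

def select_model(info):
    # Pick the model by entity type; copy it so tuning applies to this vector only.
    model = dict(MODEL_INVENTORY[entity_type(info)])
    # Assumed tuning: one cluster per exposed service, capped by baseline size.
    services = len(info.get("listening_ports", []))
    if services:
        model["k"] = min(services, len(model["baseline"]))
    return model

def kmeans(points, k, rounds=20):
    # Deterministic init: spread the initial centroids across the sorted baseline.
    pts = sorted(points)
    cents = [pts[i * (len(pts) - 1) // max(k - 1, 1)] for i in range(k)]
    for _ in range(rounds):
        groups = [[] for _ in cents]
        for p in pts:
            groups[min(range(k), key=lambda i: math.dist(p, cents[i]))].append(p)
        # Recompute each centroid as the mean of its group; keep it if the group is empty.
        cents = [tuple(sum(c) / len(g) for c in zip(*g)) if g else cents[i]
                 for i, g in enumerate(groups)]
    return cents

def is_anomalous(vector, info):
    # Anomalous when the vector is farther than the threshold from every centroid.
    model = select_model(info)
    cents = kmeans(model["baseline"], model["k"])
    return min(math.dist(vector, c) for c in cents) > model["threshold"]
```
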