US 12,438,790 B1
Network anomaly detection using clustering
Brian Robert Silverstein, Santa Clara, CA (US); Lorne Schell, Montreal (CA); Fanny Riols, Montreal (CA); and Katrina Suzanne Stankiewicz, Montreal (CA)
Assigned to ServiceNow, Inc., Santa Clara, CA (US)
Filed by ServiceNow, Inc., Santa Clara, CA (US)
Filed on Mar. 26, 2024, as Appl. No. 18/617,031.
Int. Cl. H04L 43/0817 (2022.01); G06F 16/28 (2019.01); H04L 41/16 (2022.01)
CPC H04L 43/0817 (2013.01) [G06F 16/282 (2019.01); G06F 16/285 (2019.01); H04L 41/16 (2013.01)]
20 Claims
1. A method comprising:
accessing a representation of a network comprising a plurality of elements;
generating a plurality of clusters representative of the network, each cluster of the plurality of clusters comprising a respective non-overlapping subset of elements of the plurality of elements;
obtaining, for each element of the subset of elements of a particular cluster of the plurality of clusters, historical data indicative of operation of at least two of the respective elements of the particular cluster;
training, using the historical data, a model to detect anomalous activity in the particular cluster;
obtaining operational data for a particular element of the subset of elements of the particular cluster; and
determining, by applying the model to the operational data, that the particular element of the cluster exhibits anomalous activity.
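
The steps recited in claim 1, as an added illustration that is not code from the patent or from its assignee. The claim names no clustering algorithm, model type, metric or threshold, so the connected-component clustering, the pooled median/MAD baseline, the threshold of 6.0 and all sample data below are assumptions chosen for this sketch.

```python
from statistics import median

# Constructed sample network: element -> neighbours (undirected links).
NETWORK = {
    "web1": ["web2", "lb1"], "web2": ["web1", "lb1"], "lb1": ["web1", "web2"],
    "db1": ["db2"], "db2": ["db1"],
}
# Constructed historical data: outbound connections per minute per element.
HISTORY = {
    "web1": [120, 131, 118, 125, 122], "web2": [119, 127, 130, 121, 124],
    "lb1": [128, 126, 117, 123, 129],
    "db1": [14, 15, 13, 16, 15], "db2": [15, 14, 16, 13, 14],
}

def cluster_elements(network):
    """Partition elements into non-overlapping clusters (connected components)."""
    seen, clusters = set(), []
    for start in sorted(network):
        if start in seen:
            continue
        stack, members = [start], set()
        while stack:
            node = stack.pop()
            if node not in members:
                members.add(node)
                stack.extend(network.get(node, []))
        seen |= members
        clusters.append(frozenset(members))
    return clusters

def train_cluster_model(cluster, history):
    """Fit a robust baseline (median, MAD) on the pooled history of one cluster."""
    contributing = [e for e in cluster if history.get(e)]
    if len(contributing) < 2:
        raise ValueError("need history from at least two elements of the cluster")
    pooled = [v for e in contributing for v in history[e]]
    centre = median(pooled)
    mad = median(abs(v - centre) for v in pooled) or 1.0  # avoid divide-by-zero
    return {"centre": centre, "mad": mad}

def is_anomalous(models, element, value, threshold=6.0):
    """Score one operational reading against the model of the element's own cluster."""
    model = next(m for c, m in models.items() if element in c)
    score = 0.6745 * abs(value - model["centre"]) / model["mad"]  # robust z-score
    return score > threshold, score

# Assumed pipeline order: cluster first, then one model per cluster.
CLUSTERS = cluster_elements(NETWORK)
MODELS = {c: train_cluster_model(c, HISTORY) for c in CLUSTERS}
```

With this sample data, a reading of 140 connections per minute is within the baseline of the web cluster but far outside the baseline of the database cluster, which is the practical effect of training a separate model per cluster.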