| CPC H04L 63/1425 (2013.01) [H04L 41/069 (2013.01); H04L 41/12 (2013.01); H04L 41/28 (2013.01)] | 17 Claims |
|
1. A computer-implemented method performed by a computer system comprising a hardware processor, the method comprising:
obtaining information representative of a defined network topology type for a first computer network, the first computer network including multiple network nodes, each network node of the multiple network nodes having at least one communication connection with at least one other network node of the multiple network nodes;
obtaining information representative of communication connections between the multiple network nodes;
creating a graph representation of a connection topology for the multiple network nodes, the graph representation comprising a plurality of graph nodes representing respective network nodes of the multiple network nodes, and edges between graph nodes of the plurality of graph nodes, the edges representing the communication connections:
automatically assigning respective roles to the plurality of graph nodes according to the defined network topology type and comprising a first role assigned to a first subset of the plurality of graph nodes, and a different second role assigned to a second subset of the plurality of graph nodes; and
analyzing the respective roles assigned to the plurality of graph nodes and the edges of the graph representation to identify an anomalous connection between network nodes that does not conform to the defined network topology type, wherein the identifying of the anomalous connection comprises:
detecting, in the graph representation, an edge between graph nodes assigned a same role, detecting an odd cycle in the graph representation based on the edge detected between the graph nodes assigned the same role, the odd cycle comprising an odd number of edges to complete a cycle between a group of graph nodes in the graph representation, and
comparing the odd cycle to an even cycle in the group of graph nodes.
|