Patent classifications
H04L41/142
SYSTEMS AND METHODS FOR IDENTIFYING ACCESS ANOMALIES USING NETWORK GRAPHS
In some instances, the disclosure provides a method for identifying access anomalies using network graphs. The method comprises obtaining access data for an entity, generating a network graph baseline profile based on the plurality of data elements, generating a network graph current profile based on the plurality of data elements, generating comparison data based on comparing the plurality of baseline network graphs with the one or more current network graphs and comparing the plurality of baseline nodes and the plurality of baseline edges with the plurality of current nodes and the plurality of current edges, determining, based on the comparison data, anomaly data comprising one or more flagged network accesses to the enterprise system, and providing the anomaly data indicating the flagged network accesses to an authentication system.
METHOD, SYSTEM AND NETWORK NODES FOR ENHANCING SERVICE PROVISION IN A NETWORK COMPRISING A PLURALITY OF COMPUTING DEVICE NODES
A method obtains service request information identifying computing device nodes invoked by users. Based on the service request information, sets of computing device nodes are identified, each set of computing device nodes including computing device nodes invoked simultaneously or sequentially by one of the users. Communities are further identified based on a probability measure that is a measure of a probability of co-occurrence of two sets of computing device nodes. Each community has sets of computing device nodes each having the probability measure over a probability threshold in relation to at least one other set of computing device nodes in the community. Solutions are predicted for provision of services of the sets of computing device nodes of the communities. Each predicted solution for provision of services relates to a community and is determined based on shared knowledge of predicted solutions for provision of services relating to other communities.
AUTOMATICALLY USING CONFIGURATION MANAGEMENT ANALYTICS IN CELLULAR NETWORKS
A method includes partitioning a set of configuration management (CM) data for one or more cellular network devices into multiple distinct time intervals, each time interval associated with a distinct set of CM settings at the one or more cellular network devices, the CM data comprising multiple CM parameters. The method also includes determining a regression model based on the set of CM data. The method also includes applying the regression model to compute a distinct set of scores and compare the set of scores to estimate whether a performance of the one or more cellular network devices has changed during a second time interval relative to a first time interval.
System and method for performing programmable analytics on network data
A system and a method for performing programmable analytics on network data are described. A data layer constructs flow behavior information based on information present within headers of data packets flowing across one or more network devices configured in a computer network. An inline heuristics layer performs one or more inline heuristic operations on the flow behavior information to obtain aggregate statistical information. An integrated analytics layer performs one or more analytical operations on the flow behavior information to obtain network insights. A presentation layer filters and plots information obtained from the data layer, the inline heuristics layer, and the integrated analytics layer, based on a user input.
Network monitoring system, network monitoring method, and program
In the present disclosure, a network monitoring system is provided including an IP network monitoring unit (610) that monitors an IP network to which an IP device is connected; and a non-IP device monitoring unit (630) that monitors a non-IP device. It is possible to monitor both the IP network and the non-IP device in a system that includes the IP network including the IP device and the non-IP device.
Anomaly detection for cloud applications
Requests are received for handling by a cloud computing environment which are then executed by the cloud computing environment. While each request is executing, performance metrics associated with the request are monitored. A vector is subsequently generated that encapsulates information associated with the request including the text within the request and the corresponding monitored performance metrics. Each request is then assigned (after it has been executed) to either a normal request cluster or an abnormal request cluster based on which cluster has a nearest mean relative to the corresponding vector. In addition, data can be provided that characterizes requests assigned to the abnormal request cluster. Related apparatus, systems, techniques and articles are also described.
Traffic-based inference of influence domains in a network by using learning machines
In one embodiment, techniques are shown and described relating to traffic-based inference of influence domains in a network by using learning machines. In particular, in one embodiment, a management device computes a time-based traffic matrix indicating traffic between pairs of transmitter and receiver nodes in a computer network, and also determines a time-based quality parameter for a particular node in the computer network. By correlating the time-based traffic matrix and time-based quality parameter for the particular node, the device may then determine an influence of particular traffic of the traffic matrix on the particular node.
Real-time scalable virtual session and network analytics
Provided herein are systems and methods for providing insights or metrics in connection with provisioning applications and/or desktop sessions to end-users. Network devices (e.g., appliances, intermediary devices, gateways, proxy devices or middle-boxes) can gather insights such as network-level statistics. Additional insights (e.g., metadata and metrics) associated with virtual applications and virtual desktops can be gathered to provide administrators with comprehensive end-to-end real-time and/or historical reports of performance and end-user experience (UX) insights. Insights relating to an application or desktop session can be used to determine and/or improve the overall health of the infrastructure of the session, Citrix Virtual Apps and Desktops, the applications (e.g., remote desktop application) being delivered using the infrastructure, and/or the corresponding user experience.