A method for anomaly detection and troubleshooting in a network includes parsing a network service descriptor (NSD) describing a network service (NS) to be deployed in the network. Monitoring data including time series of service-level metrics and resource-level metrics of network functions (NFs) of the NS are received from different domains of the network. Representations of the time series from the different domains are learned with a common dimensionality. An NS signature of the NS is computed as a cross-correlation matrix comprising cross-correlations between the service-level metrics and the resource-level metrics of the NFs. Embeddings of the NS signature are learned using a model and determining a reconstruction error of the model. It is determined whether the NS is anomalous based on the reconstruction error of the model. The NS is identified as a target for the troubleshooting in a case that the NS was determined to be anomalous.

Embodiments of the disclosure provide a system and method for developing rich data for holistic metrics for gauging an enterprise cyber security posture to enable proactive and preventative measures in order to minimize the enterprise's exposure to a cyberattack. By taking an enterprise-wide holistic approach to cyber security, the enterprise will have information needed to identify areas of its network systems for remediation that will result in making the enterprise a less attractive target for cyber threat actors.

Embodiments of the disclosure provide a system and method for developing rich data for holistic metrics for gauging an enterprise cyber security posture to enable proactive and preventative measures in order to minimize the enterprise's exposure to a cyberattack. By taking an enterprise-wide holistic approach to cyber security, the enterprise will have information needed to identify areas of its network systems for remediation that will result in making the enterprise a less attractive target for cyber threat actors.

Examples described herein include systems and methods for providing network insights on a graphical user interface (“GUI”). The GUI can visualize network errors to help administrative or information technology users more quickly identify issues with an enterprise application. The enterprise application can report network request information to a server. Then the GUI can present visual overlays that compare error metrics between different time cycles of the application. The visual overlay can graphically display these errors on top of one another for immediate relative visualization. Additionally, a grouped list of host destinations can be simultaneously provided. The destination addresses can be abbreviated, and errors grouped accordingly in a manner that provides advantageous error visualization.

Examples described herein include systems and methods for providing network insights on a graphical user interface (“GUI”). The GUI can visualize network errors to help administrative or information technology users more quickly identify issues with an enterprise application. The enterprise application can report network request information to a server. Then the GUI can present visual overlays that compare error metrics between different time cycles of the application. The visual overlay can graphically display these errors on top of one another for immediate relative visualization. Additionally, a grouped list of host destinations can be simultaneously provided. The destination addresses can be abbreviated, and errors grouped accordingly in a manner that provides advantageous error visualization.

The invention concerns a method and a system for determining root-cause diagnosis of events occurring during the operation of a communication network comprising monitoring time signals representative of the operation of the network to detect the occurrence of an event relative to the network traffic, and for each detected event, during the duration of said event obtaining distributions of data on several dimensions of the network linked to said event, automatically determining an event root-cause diagnosis of the detected event, called single event diagnosis, comprising at least one element of said distributions, an element being a value taken by a network dimension having a contribution in said distributions of data, the single event diagnosis determination using rules of business logic configuration organized hierarchically, which are applied according to said hierarchy to select at least one element of said distributions, the selection of more than one element comprising machine learning clustering.

The invention concerns a method and a system for determining root-cause diagnosis of events occurring during the operation of a communication network comprising monitoring time signals representative of the operation of the network to detect the occurrence of an event relative to the network traffic, and for each detected event, during the duration of said event obtaining distributions of data on several dimensions of the network linked to said event, automatically determining an event root-cause diagnosis of the detected event, called single event diagnosis, comprising at least one element of said distributions, an element being a value taken by a network dimension having a contribution in said distributions of data, the single event diagnosis determination using rules of business logic configuration organized hierarchically, which are applied according to said hierarchy to select at least one element of said distributions, the selection of more than one element comprising machine learning clustering.

System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group. An enforcement actions generator is triggered to selectively perform one or more enforcement operations, notification operations, and quarantine operations.

System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group. An enforcement actions generator is triggered to selectively perform one or more enforcement operations, notification operations, and quarantine operations.

A system and method for detecting bots. The method includes receiving a request to access a server, the request is being received from a client device, and responsive to the request, causing the client device to download a script code file to the client device. The script code file, when executed, collects a profile, and the profile includes a plurality of parameters. The method also includes receiving the created profile, generating a score based on the plurality of parameters to identify a bot, and initiating a mitigation action based on the identified bot.