H04L41/142

Alert systems and methods for attack-related events

Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission and system-specific context in the analysis of alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on the highest-value defense activities.

Open-Source Architecture for Remote Physical or Remote Physical-Media Access Control Device
20230050008 · 2023-02-16

A remote node device including a hardware layer, a hardware abstraction layer, and a software stack operating on the hardware abstraction layer. The software stack including an open-source cloud-based operating system integrated with a service provider defined abstraction layer configured to coordinate functionality of the software stack, virtualized software components such as a virtualized Converged Cable Access Platform (vCCAP) implemented in docker containers where the vCCAP is configured to command and control the remote node device with respect to a customer premise equipment. The software layer of the remote node device includes different types of YANG data models for model-driven management and model-driven telemetry from the remote node device and a customer premise equipment to a service provider back-office system.

Systems and methods for identifying access anomalies using network graphs
11503054 · 2022-11-15

In some instances, the disclosure provides a method for identifying access anomalies using network graphs. The method comprises obtaining access data for an entity, generating a network graph baseline profile based on the plurality of data elements, generating a network graph current profile based on the plurality of data elements, generating comparison data based on comparing the plurality of baseline network graphs with the one or more current network graphs and comparing the plurality of baseline nodes and the plurality of baseline edges with the plurality of current nodes and the plurality of current edges, determining, based on the comparison data, anomaly data comprising one or more flagged network accesses to the enterprise system, and providing the anomaly data indicating the flagged network accesses to an authentication system.

Computer-implemented method and arrangement for classifying anomalies

The present disclosure relates to a computer-implemented method and an apparatus for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises retrieving at least one network data traffic sample and determining one or more feature-associated anomaly scores for the retrieved at least one network data traffic sample. The method further comprises determining feature importance of each feature of a feature-associated anomaly score and classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance.

Classification and Relationship Correlation Learning Engine for the Automated Management of Complex and Distributed Networks
20230039855 · 2023-02-09

The present disclosure describes a method, system, and apparatus for using a machine learning system to configure and optimize complex, distributed computer networks. The machine learning system receives an input related to a computer network and classifies the input using either a supervised learning approach or an unsupervised learning approach. From the classification of the input, the machine learning system builds a first training domain and determines a steady state network configuration for the computer network. After determining a steady state network configuration for the computer network, the machine learning system receives a plurality of inputs from one or more sensors or agents distributed throughout the computer network. The machine learning system compares the plurality of inputs to the steady state network configuration to detect a deviation from the first steady state network configuration. When a deviation from the steady state network configuration is detected, the machine learning system remediates the problem to return the computer network to the steady state network configuration.

METHODS AND APPARATUS FOR ENHANCING SCHEDULER FAIRNESS IN SMALL-CELL WIRELESS SYSTEMS
20230042904 · 2023-02-09

Methods and apparatus for enhancing packet scheduler fairness in a small-cell wireless communication network. In one embodiment, the methods and apparatus utilize “quasi-licensed” CBRS (Citizens Broadband Radio Service) wireless spectrum in conjunction with 3GPP wireless communication network (e.g. 4G LTE or 5GNR) for the delivery of services to a number of enhanced CPE (consumer premises equipment), such as fixed wireless apparatus (FWAe). The various FWAe report Channel Quality Indicator (CQI) data to their respective serving base stations over time, and each base station both builds a statistical characterization of each FWAe, and maps the CQI data to a prescribed configuration (e.g., to the Modulation and Coding Scheme (MCS)) adaptively for the transmission of the data to the FWAe, and development of a scheduler priority for each FWAe. In one implementation, once the CQI values are stable for a given FWAe, CQI reporting is terminated for a period of time.

Dynamic transaction graph analysis

Systems and methods for implementing dynamic graph analysis (DGA) to detect anomalous network traffic are provided. The method includes processing communications and profile data associated with multiple devices to determine dynamic graphs. The method includes generating features to model temporal behaviors of network traffic generated by the multiple devices based on the dynamic graphs. The method also includes formulating a list of prediction results for sources of the anomalous network traffic from the multiple devices based on the temporal behaviors.

System and methods for multipath data communications

A system for transmitting information may include a server that generates pseudo-random superpositions, each superposition including multiple packet fragments encoded using a Galois field. The system may transmit the superpositions across a plurality of communication links, which form a single logical path, to a client device. Communication links may include a combination of diverse communication channels, and more preferably one or more low latency (but low bandwidth) communication links and one or more high bandwidth (but high latency) communication links. Advantageously, the use of a plurality of communication links may facilitate transmitting information quickly and reliably.
