Systems, methods, and computer-readable media for detecting and reporting anomalies in a network environment for providing network assurance. In some embodiments, a system can determine confidence scores for at least one value of parameters of a network environment defining network events occurring in the network environment. The confidences scores can indicate a frequency that the defined network events have a specific event state. The confidence scores can be monitored to detect an anomaly in the network environment. In response to detecting the anomaly in the network environment, the system can determine a relevant network state of the network environment. The relevant network state of the network environment and the anomaly in the network environment can be presented to a user.

Methods, systems, and computer-readable storage media for receiving a record including a set of attributes, each attribute having an attribute value, the record representing automatic execution of an IT process within a managed system, retrieving a model representing historical executions of the IT process and including a set of distribution parameters associated with a first type of attribute and a set of probability distributions associated with a second type of attribute, determining, for a first attribute, a first score based on distribution parameters and a value, determining, for a second attribute, a second score based on a probability distribution and a value, the second attribute being of the second type of attribute, and selectively indicating that the IT process is anomalous based on an outlier score.

The present disclosure relates to a computer-implemented method and an apparatus for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises retrieving at least one network data traffic sample and determining one or more feature-associated anomaly scores for the retrieved at least one network data traffic sample. The method further comprises determining feature importance of each feature of a feature-associated anomaly score and classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance.

Embodiments of the invention are directed to systems, method, and devices for detecting failures in distributed systems. A failure detection platform may identify anomalies in time series data, the time series data corresponding to historical network messages. The anomalies can be labeled and used to train a first predictive model. At least one other model may be trained using the time series data, the anomaly labels and a supervised machine-learning algorithm. A third model can be trained to identify a system failure based at least in part on the outputs provided by the first and the second model. The third model, once trained, can be utilized to predict a future system failure.

Disclosed are a service detection method and apparatus, a device, and a non-transitory computer-readable storage medium. The service detection method may includes: determining a service time interval between service data; determining a matching result of the service time interval according to a set period value and a set jitter value in a preset periodicity judgment parameter; and determining that the service data is periodic service data in response to determining that the matching result of the current service time interval meets a periodicity condition according to a minimum number of matching time intervals and a maximum number of matching time intervals in the periodicity judgment parameter.

Embodiments of the present disclosure relate to the field of communications, and disclose a traffic prediction method, including: acquiring traffic data of a first preset time period in a historical period, and pre-processing the traffic data; performing empirical mode decomposition (EMD) on pre-processed traffic data to obtain a plurality of component series; using a time series prediction model to fit the plurality of component series, and using a fitted time series prediction model to obtain a plurality of component prediction results for a second preset time period; accumulating all the component prediction results to obtain a traffic prediction result for the second preset time period. The present disclosure further provides a traffic prediction device and a storage medium.

Embodiments of the present disclosure relate to the field of communications, and disclose a traffic prediction method, including: acquiring traffic data of a first preset time period in a historical period, and pre-processing the traffic data; performing empirical mode decomposition (EMD) on pre-processed traffic data to obtain a plurality of component series; using a time series prediction model to fit the plurality of component series, and using a fitted time series prediction model to obtain a plurality of component prediction results for a second preset time period; accumulating all the component prediction results to obtain a traffic prediction result for the second preset time period. The present disclosure further provides a traffic prediction device and a storage medium.

A machine learning anomaly detection system receives a time series of metrics indicative of operational characteristics of a computing system architecture. A distribution of the metrics values is identified and a volume of metrics detected during a current evaluation period is identified. A dynamic anomaly detection threshold is generated, based upon the distribution and the volume of detected metrics. Metric values from the current evaluation period are compared to the dynamic anomaly detection threshold to determine whether the metric values in the current evaluation period are anomalous. If so, an action signal is generated.

Systems, methods, and computer-readable media for receiving one or more models of network intents, comprising a plurality of contracts between providers and consumers, each contract containing entries with priority values. Each contract is flattened into a listing of rules and a new priority value is calculated. The listing of rules encodes the implementation of the contract between the providers and the consumers. Each entry is iterated over and added to a listing of entries if it is not already present. For each rule, the one or more entries associated with the contract from which the rule was flattened are identified, and for each given entry a flat rule comprising the combination of the rule and the entry is generated, wherein a flattened priority is calculated based at least in part on the priority value of the given one of given entry and the priority value of the rule.

Techniques are described for monitoring application performance in a computer network. For example, a network management system (NMS) includes a memory storing path data received from a plurality of network devices, the path data reported by each network device of the plurality of network devices for one or more logical paths of a physical interface from the given network device over a wide area network (WAN). Additionally, the NMS may include processing circuitry in communication with the memory and configured to: determine, based on the path data, one or more application health assessments for one or more applications, wherein the one or more application health assessments are associated with one or more application time periods for a site, and in response to determining at least one failure state, output a notification including identification of a root cause of the at least one failure state.