Patent classifications
H04L41/145
SYSTEM AND METHOD FOR DETECTING A CYBERATTACK
A method and a system for identifying indicators of compromise in a network infrastructure are provided. The method is executable by a computing device communicatively couplable to the network infrastructure, the computing device being positioned outside a perimeter of the network infrastructure. The method comprises: obtaining an infrastructure graph for the network infrastructure; identifying, for a given protected infrastructure element, a portion of the infrastructure graph including vertices representative of linked infrastructure elements; analyzing a given one of the linked infrastructure elements to determine a respective value thereof; determining whether the respective value of the given one of the linked infrastructure elements is indicative of the network infrastructure being compromised; and, in response to the respective value of any one of the linked infrastructure elements associated to the given protected infrastructure element being indicative of the network infrastructure being compromised, generating and transmitting at least one warning about a potential cyberattack.
REMOTE INTRUSION MONITORING
A computer implemented method for remote intrusion monitoring of a networked device. The method includes: receiving, by an intrusion detection engine connected to a network, a network communication to a first networked device; transmitting, via the intrusion detection engine, a duplicate of the network communication to a second networked device, wherein the second networked device hosts at least one virtual model of the first networked device; applying the duplicated network communication to the at least one virtual model of the first network device hosted by the second networked device; and monitoring, using a monitoring engine, the at least one virtual model of the first networked device upon reception of the duplicated network communication by the at least one virtual model.
SIMULATING SERVICE PERFORMANCE USING MACHINE LEARNING
A method may include obtaining, for each period within a time interval, raw performance metric values for a performance metric of a service, encoding the raw performance metric values to generate inferred performance metric values for the performance metric, and selecting a portion of the inferred performance metric values. The portion corresponds to a representative period. The method may further include obtaining a service request for the service, generating a simulated response to the service request, and transmitting the simulated response using the portion of the inferred performance metric values.
SERVICE CHAIN BASED NETWORK SLICING
A processor may identify one or more sources. The processor may identify a respective requirement of each of the one or more sources. The processor may determine if a respective requirement is different than another respective requirement. The processor may locate each of the one or more sources in a respective slice on a different container available in a server of a network.
SYSTEMS AND PROCESSES FOR ITERATIVELY TRAINING A NETWORK TRAINING MODULE
Systems and processes for iteratively training a network training module are described herein. In various embodiments, the process includes: (1) retrieving bulk data comprising a plurality of data types; (2) transforming the bulk data according to preconfigured classification values to generate network information data sets; (3) training a raw training module by iteratively processing each of the network information data sets through a raw training module to generate respective output classification values; (4) updating one or more classification values based on a comparison of the respective output classification values; (5) processing an input network information data set with a trained training module to generate a specific network constituent; and (6) modifying a display based on the plurality of classification values.
MULTI-DOMAIN AND MULTI-TENANT NETWORK TOPOLOGY MODEL GENERATION AND DEPLOYMENT
Techniques are described herein for generating network topologies based on models, and deploying the network topologies across hybrid clouds and other computing environments that include multiple workload resource domains. A topology deployment system may receive data representing a logical topology model, and may generate a network topology for deployment based on the logical model. The network topology may include various services and/or other resources provided by different tenants in the computing environment, and each tenant may be associated with a different set of resources and deployment constraints. The topology deployment system may determine and generate the network topology to use the various resources and comply with various deployment constraints of the different tenants providing the services, and the tenants consuming the network topology.
Software-defined network resource provisioning architecture
Embodiments are directed to an overlay network for an industrial Internet of Things. The overlay network has multiple main components: (1) a security component, such as a cloaked network, (2) a digital twin component that operates as digital simulations of the physical devices, (3) a communications mesh, and (4) a resource provisioning matrix for adjusting the resources used by the digital twin. The overlay network is a virtual network that is Software Defined—it sits on top of the existing Internet physical hardware of servers, routers, etc. The overlay network is sometimes referred to herein as a Software Defined Secure Content/Context Aware Network (SD-SCAN).
Open network automation platform (ONAP)—fifth generation core (5GC) interaction for analytics
Methods and systems for Open Network Automation Platform (ONAP) Fifth Generation Core (5GC) interaction for analytics are provided. According to one aspect, a method, performed by a Front End node for receiving patterns extracted from events and current network status data in a telecommunications network, comprises: receiving, from a Session Management Function (SMF), a request for a User Plane Function (UPF) selection recommendation for a user; determining a list of applications associated with the user; sending, to a Data Collection, Analytics, and Events (DCAE) function of an ONAP, a request for a list of Application Server (AS) locations; receiving, from the DCAE function, the list of AS locations; selecting a UPF based on the user's mobility and application usage patterns; and sending, to the SMF, a recommendation identifying the selected UPF.
Identifying and remediating system anomalies through machine learning algorithms
Methods, apparatus, and processor-readable storage media for identifying and remediating anomalies through cognitively assorted machine learning algorithms are provided herein. A computer-implemented method includes: identifying, using system log data, a target variable based at least in part on correlations between a set of performance indicators of a system and the target variable, and threshold values for the performance indicators relative to the target variable; generating an inference model to predict when the system will enter an adverse state and identify one or more root causes of the system entering the adverse state; using machine reinforcement learning to determine an action policy including actions that remediate the adverse state; predicting that the system will enter the adverse state by applying the inference model to further system log data; and automatically executing one or more actions of the action policy in response to the prediction.
Firewall rules intelligence
A firewall intelligence system includes: a data storage storing a set of firewall rules for a network; a recommendation engine that receives, from a log service, traffic logs detailing traffic for the network and firewall logs detailing the usage of firewall rules in response to the traffic for the network, accesses, from the data storage, the set of firewall rules for the network, and processes the set of firewall rules to evaluate the firewall rules against a set of quantitative evaluation rules to determine one or more firewall rule recommendations, wherein each firewall rule recommendation is a recommendation to change at least one of the firewall rules in the set of firewall rules; and a front end API that provides data describing the one or more firewall rule recommendations to a user device.