H04L41/145

ANOMALY DETECTION USING DEVICE RELATIONSHIP GRAPHS
20180013650 · 2018-01-11

Embodiments are directed to monitoring network traffic in a network. A device relation model that may be comprised of two or more nodes and one or more edges stored in memory of the network computer may be provided to a network monitoring computer (NMC), such that each node represents an agent and each edge represents a relationship between two agents. If error signals are detected by the NMC, the NMC performs further actions to process the error signals. The device relation model may be traversed to identify agents associated with the error signals. The network traffic associated with the error signals and the agents may be analyzed by the NMC. If the error signals are associated with anomalies in the network traffic, users may be notified. The device relation model may be updated upon discovery of new computing devices, new applications, or new associations between agents.

Towards network slice availability

A method and system for providing a NS instance satisfying a requested availability of a NSI comprises obtaining at least one VNFD for a VNF composing the NS, the VNFD being associated with at least one absolute availability value guaranteed according to at least one DF; obtaining an availability value of NFVI on which the VNF is to be deployed; determining a minimum availability value for a NS instance of the NS; selecting a VNF DF and RM for the VNF DF such that the product of the absolute availability value of the VNF DF, taking into account the selected RM, and of the availability value of the NFVI is greater than or equal to the minimum availability value for the NS instance; and instantiating the NS instance by instantiating at least one VNF instance according to the at least one selected VNF DF and corresponding RM.

Modifying data packet transmission characteristics by an intermediate node on a communication path
11711272 · 2023-07-25

Techniques for modifying data packet transmission characteristics by an intermediate node in a network are disclosed. An intermediate node in a data transmission network determines a current estimated transmission time for packets being transmitted from the source node to the intermediate node. The node analyzes a data packet to determine a Quality of Service (QoS) requirement for transmission of the first data packet. Based on the current estimated transmission time for packets being transmitted from the source node to the intermediate node and the QoS requirement for transmission of the first data packet, the intermediate node selects one or more transmission characteristics for forwarding the first data packet toward the destination node. The intermediate node transmits the packet toward the destination node in accordance with the one or more transmission characteristics.

METHOD AND APPARATUS FOR MAPPING NETWORK DATA MODELS

In one embodiment, a method includes processing network data models at a network device operating in a network comprising a plurality of network components, each of the network components associated with one of the network data models, performing semantic matching at the network device for at least two of the network data models, the semantic matching comprising computing labels for elements of the network data models utilizing label computation algorithms configured for notational conventions used in the network data models, computing contexts for the elements based on a hierarchy of each of the network data models, removing one or more of the labels used to form the contexts to create reduced contexts, and computing a semantic relationship for the reduced contexts of the network data models. The network data models are mapped at the network device based on the semantic matching for use in a network application. An apparatus and logic are also disclosed herein.

Unified recommendation engine
11711287 · 2023-07-25

A system receives, from one or more subsystems, one or more predicted outcomes associated with a device. The system provides at least a subset of the predicted outcomes as input to a machine learning model trained to identify a set of resolution actions. The system receives, from the machine learning model, the set of resolution actions for the subset of the predicted outcomes, wherein each resolution action in the set of resolution actions is associated with a probability of resolving at least one of the predicted outcomes in the subset of predicted outcomes. The system identifies a first resolution action from the set of resolution actions, wherein the first resolution action has a highest probability of resolving the at least one of the predicted outcomes in the subset of predicted outcomes. The system provides a first instruction to execute the first resolution action.

Autonomous generation of attack signatures to detect malicious network activity
11711383 · 2023-07-25

Methods and systems for detecting malicious activity on a network. The methods described herein involve gathering data regarding a first state of a computing environment, executing an attack tool to simulate malicious activity in the computing environment, and then gathering data regarding a second state of the computing environment. The methods described herein may then involve generating a signature based on changes between the first and second states, and then using the generated signature to detect malicious activity in a target network.

SOFTWARE DEFINED NETWORK LIFECYCLE TRACKING AND MANAGEMENT

A device in an evolved packet core (EPC) includes a processor and a memory. The processor effectuates operations including receiving from one or more devices residing within a customer premise equipment (CPE) portion of a telecommunications network, sensor data associated with one or more customers and in response to receiving the sensor data, generating a data request for an ecosystem status for the CPE portion of the telecommunications network. The processor further effectuates operations including obtaining customer information for the one or more customers and creating an analytics environment, using the customer information, for the one or more customers. The processor further effectuates operations including performing, within the analytics environment, analytics on the sensor data to determine a state of the CPE portion of the telecommunications network for the one or more customers and in response to performing analytics on the sensor data, optimizing the telecommunications network.

INTERWORKING SERVICE FOR THE RESTFUL INTERNET OF THINGS

An interworking service entity receives server registration requests including indications of service layer protocols used by each server, maintains a repository of server information, and uses the repository for interworking requests of devices to servers of different protocols based on a server type provided in discovery requests. Other matching information may include, for example, server security protocol, supported services, service territory, availability, capacity, or loading, as well as device information or preferences, such as a supported service, supported interface type, or a supported device type.

METHODS, SYSTEMS, AND DEVICES FOR DYNAMICALLY MODELING AND GROUPING ENDPOINTS FOR EDGE NETWORKING
20230007031 · 2023-01-05

Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.

SYSTEMS AND METHODS FOR ZERO-FOOTPRINT LARGE-SCALE USER-ENTITY BEHAVIOR MODELING
20230006892 · 2023-01-05

Systems and methods are disclosed herein for reducing storage space used in tracking behavior of a plurality of network endpoints by modeling the behavior with a behavior model. To this end, control circuitry may determine a respective network endpoint, of a plurality of network endpoints, to which each respective record of a plurality of received records corresponds. The control circuitry then may assign a dedicated queue for each respective network endpoint, and transmit, to each dedicated queue, each record that corresponds to the respective network endpoint to which the respective dedicated queue is assigned. The control circuitry may then determine, for each respective network endpoint, a respective behavior model, and may store each respective behavior model to memory.