Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.

Methods, systems, and computer-readable storage media for receiving a record including a set of attributes, each attribute having an attribute value, the record representing automatic execution of an IT process within a managed system, retrieving a model representing historical executions of the IT process and including a set of distribution parameters associated with a first type of attribute and a set of probability distributions associated with a second type of attribute, determining, for a first attribute, a first score based on distribution parameters and a value, determining, for a second attribute, a second score based on a probability distribution and a value, the second attribute being of the second type of attribute, and selectively indicating that the IT process is anomalous based on an outlier score.

Systems, methods and/or computer program products for managing and dynamically automating service mesh communications between microservices, eliminating unnecessary exposure of microservice ports and increasing security between microservices of the service mesh. The control plane collects data describing communications between microservices and tracks the frequency at which microservices communicate. Collected data is fed to machine learning models which outputs a forecast predicting future communication interactions between microservices. Using the predicted requirements for facilitating communications between microservices of the service mesh, an allowed list of communications can be generated describing the microservices allowed to send and receive communications, duration of communications allowed, when such communications are allowed, and the ports that will be used for facilitating the communication between microservices. Administrators of the service mesh may manually override the one or more approved aspects of the dynamically generated allowed list configured automatically by the service mesh.

Auto connectivity simulation from the client-side. Workstations/clients are intelligently selected, on a continuous basis, for auto connectivity simulation and probes are communicated to the selected workstations which activate a previously deployed agent that is configured to conduct connectivity simulations to the communication network and, at least, basic utility services provided within the communication network. The comprehensive results of connectivity simulations are analyzed and patterns of connectivity issues are identified. Subsequently, rules are applied to the patterns of connectivity issues to determine appropriate actions, such as reconfiguring the connectivity route, the servers used for connection and/or notifying personnel assigned to address the issues.

A computer-implemented method, system and computer program product for accurately identifying an execution time of a performance test. Network latency data is grouped into clustered groups of network latency data. Furthermore, the performance test execution times for the same group of performance tests run in the local and remote cluster environments are obtained. The test execution times impacted by network latency (compensation times) are then determined based on such obtained performance test execution times in the local and remote cluster environments. Such compensation times are then grouped into clustered groups of compensation times. A regression model is built to predict a performance test execution time impacted by network latency (compensation time) using the clustered groups of network latency data and compensation times. The execution time of a performance test run in the remote cluster environment is then generated that takes into consideration the compensation time predicted by the regression model.

Embodiments of the invention are directed to systems, method, and devices for detecting failures in distributed systems. A failure detection platform may identify anomalies in time series data, the time series data corresponding to historical network messages. The anomalies can be labeled and used to train a first predictive model. At least one other model may be trained using the time series data, the anomaly labels and a supervised machine-learning algorithm. A third model can be trained to identify a system failure based at least in part on the outputs provided by the first and the second model. The third model, once trained, can be utilized to predict a future system failure.

Embodiments of the present disclosure relate to the field of communications, and disclose a traffic prediction method, including: acquiring traffic data of a first preset time period in a historical period, and pre-processing the traffic data; performing empirical mode decomposition (EMD) on pre-processed traffic data to obtain a plurality of component series; using a time series prediction model to fit the plurality of component series, and using a fitted time series prediction model to obtain a plurality of component prediction results for a second preset time period; accumulating all the component prediction results to obtain a traffic prediction result for the second preset time period. The present disclosure further provides a traffic prediction device and a storage medium.

This application provides a VNF instantiation method and apparatus, applied to various NFV systems, to implement an existing VNFD model—defined VNF. The method includes: An NFVO obtains a VNFD, where the VNFD is for instantiating a VNF, the VNFD includes first indication information and resource requirement information of a first internal network, and the first indication information indicates that the resource requirement information of the first internal network is externally visible. Then, the NFVO sends an external network instantiation request to a VIM, where the external network instantiation request is used by the VIM to instantiate, based on the resource requirement information of the first internal network, an external network connected to the VNF. Then, the NFVO sends a VNF instantiation request to a VNFM. The VNF instantiation request is used by the VNFM to instantiate the VNF based on the VNFD.

A network attack detection method and apparatus is provided. The network protection device obtains first key data from received first network traffic, and matches the first key data with an attack signature in a signature database to obtain a first matching result; if the network protection device determines, based on the first matching result, that the first network traffic is aggressive, the network protection device obtains a target attack detection model based on the first network traffic, where the target attack detection model is used to identify one or more attack signatures that are different from the attack signature in the signature database; and when the network protection device receives second network traffic, the network protection device determines, based on the target attack detection model, whether the second network traffic is aggressive.

Techniques are disclosed for generating a virtual representation (e.g., one or more digital twin models) of a multi-access edge computing system environment, and managing the multi-access edge computing system environment via the virtual representation. By way of example only, such techniques enable understanding, prediction and/or optimization of performance of applications and/or systems operating in the multi-access edge computing environment.