A cyber security restoration engine takes one or more autonomous remediation actions to remediate one or more nodes in a graph of a system being protected back to a trusted operational state in order to assist in a recovery from the cyber threat. The cyber security restoration engine has a tracking component the operational state of each node in the graph of the protected system. The communication module also cooperates with the cyber security restoration engine to communicate with at least one of an external backup system and a recovery service to invoke backup remediation actions and/or recovery remediation actions to remediate one or more nodes potentially compromised by the cyber threat back to a trusted operational state, for example the state before the detected compromise by the cyber threat occurred in the protected system.

In one aspect, a method performed by a network node for predicting a probability of state change of a node (e.g., a fog node) in a network is provided. The network node determines a set of weights based on attributes of the node. The network node estimates the probability of state change of the node using the determined set of weights and a set of one or more attribute values related to the node where determining the set of weights includes maximizing an evaluation value associated to the node.

Aspects of the disclosure provide methods and apparatuses for network data analytics. In some examples, an apparatus includes processing circuitry. The processing circuitry transmits a network data analytics function (NWDAF) service discovery request to a network repository function (NRF) network element. The NWDAF service discovery request indicates a requested network data analysis service. The processing circuitry receives an NWDAF service discovery response in response to the NWDAF service discovery request. The NWDAF service discovery response includes performance parameter information of one or more NWDAF network elements for the requested network data analysis service. Further, the processing circuitry selects, according to the performance parameter information of the one or more NWDAF network elements for the requested network data analysis service, a target NWDAF network element used for providing the requested network data analysis service, and transmits an NWDAF service request to the target NWDAF network element.

Aspects of the disclosure provide methods and apparatuses for network data analytics. In some examples, an apparatus includes processing circuitry. The processing circuitry transmits a network data analytics function (NWDAF) service discovery request to a network repository function (NRF) network element. The NWDAF service discovery request indicates a requested network data analysis service. The processing circuitry receives an NWDAF service discovery response in response to the NWDAF service discovery request. The NWDAF service discovery response includes performance parameter information of one or more NWDAF network elements for the requested network data analysis service. Further, the processing circuitry selects, according to the performance parameter information of the one or more NWDAF network elements for the requested network data analysis service, a target NWDAF network element used for providing the requested network data analysis service, and transmits an NWDAF service request to the target NWDAF network element.

Systems, methods and/or computer program products for managing and dynamically automating service mesh communications between microservices, eliminating unnecessary exposure of microservice ports and increasing security between microservices of the service mesh. The control plane collects data describing communications between microservices and tracks the frequency at which microservices communicate. Collected data is fed to machine learning models which outputs a forecast predicting future communication interactions between microservices. Using the predicted requirements for facilitating communications between microservices of the service mesh, an allowed list of communications can be generated describing the microservices allowed to send and receive communications, duration of communications allowed, when such communications are allowed, and the ports that will be used for facilitating the communication between microservices. Administrators of the service mesh may manually override the one or more approved aspects of the dynamically generated allowed list configured automatically by the service mesh.

A computer-implemented method, system and computer program product for accurately identifying an execution time of a performance test. Network latency data is grouped into clustered groups of network latency data. Furthermore, the performance test execution times for the same group of performance tests run in the local and remote cluster environments are obtained. The test execution times impacted by network latency (compensation times) are then determined based on such obtained performance test execution times in the local and remote cluster environments. Such compensation times are then grouped into clustered groups of compensation times. A regression model is built to predict a performance test execution time impacted by network latency (compensation time) using the clustered groups of network latency data and compensation times. The execution time of a performance test run in the remote cluster environment is then generated that takes into consideration the compensation time predicted by the regression model.

Systems and methods for identifying Passive Intermodulation (PIM) products are disclosed. Some embodiments use RAN Performance Measurement (PM) counters, of actual DL Traffic Load to correlate with UL noise and interference counters. By using counters, the DL traffic is correlated to the increase in noise and interference in order to determine which DL carrier combinations are causing degradation to which UL carriers. In this way, aggressor-victim grouping can be identified through normal downlink traffic load with uplink interference to identify passive intermodulation products. This can be done for all aggressor-victim groups within a radio base station site or cluster of sites. Also, some embodiments enable estimating the maximum PIM interference created by the aggressor carriers. This helps operators to quantify the impact of PIM and can enable them to take counter measures. These embodiments are Radio Access Technology (RAT) agnostic and operator agnostic for the aggressors within a site.

Embodiments of the invention are directed to systems, method, and devices for detecting failures in distributed systems. A failure detection platform may identify anomalies in time series data, the time series data corresponding to historical network messages. The anomalies can be labeled and used to train a first predictive model. At least one other model may be trained using the time series data, the anomaly labels and a supervised machine-learning algorithm. A third model can be trained to identify a system failure based at least in part on the outputs provided by the first and the second model. The third model, once trained, can be utilized to predict a future system failure.

Embodiments of the present disclosure relate to the field of communications, and disclose a traffic prediction method, including: acquiring traffic data of a first preset time period in a historical period, and pre-processing the traffic data; performing empirical mode decomposition (EMD) on pre-processed traffic data to obtain a plurality of component series; using a time series prediction model to fit the plurality of component series, and using a fitted time series prediction model to obtain a plurality of component prediction results for a second preset time period; accumulating all the component prediction results to obtain a traffic prediction result for the second preset time period. The present disclosure further provides a traffic prediction device and a storage medium.

Embodiments of the present disclosure relate to the field of communications, and disclose a traffic prediction method, including: acquiring traffic data of a first preset time period in a historical period, and pre-processing the traffic data; performing empirical mode decomposition (EMD) on pre-processed traffic data to obtain a plurality of component series; using a time series prediction model to fit the plurality of component series, and using a fitted time series prediction model to obtain a plurality of component prediction results for a second preset time period; accumulating all the component prediction results to obtain a traffic prediction result for the second preset time period. The present disclosure further provides a traffic prediction device and a storage medium.