Methods and systems for detecting and responding to anomalous nodes in a network include inferring temporal factors, using a computer-implemented neural network, that represent changes in a network graph across time steps, with a temporal factor for each time step depending on a temporal factor for a previous time step. An invariant factor is inferred that represents information about the network graph that does not change across the time steps. The temporal factors and the invariant factor are combined into a combined temporal-invariant representation. It is determined that an unlabeled node is anomalous, based on the combined temporal-invariant representation. A security action is performed responsive to the determination that unlabeled node is anomalous.

An electronic apparatus and a control method are provided. The electronic apparatus includes a transceiver, a memory configured to store an artificial intelligence (AI) model, and a processor configured to control the transceiver to receive environment information from at least one of a plurality of devices that are connected to the electronic apparatus, determine that a predicted device of the plurality of devices will lose a network connection based on the first AI model and the environment information, and in response to determining the predicted device will lose the network connection, maintain the network connection of the predicted device through another device of the plurality of devices. The electronic apparatus may use a rule-based model or an AI model trained by using at least one of a machine learning algorithm, a neural network algorithm, or a deep-learning algorithm.

An electronic apparatus and a control method are provided. The electronic apparatus includes a transceiver, a memory configured to store an artificial intelligence (AI) model, and a processor configured to control the transceiver to receive environment information from at least one of a plurality of devices that are connected to the electronic apparatus, determine that a predicted device of the plurality of devices will lose a network connection based on the first AI model and the environment information, and in response to determining the predicted device will lose the network connection, maintain the network connection of the predicted device through another device of the plurality of devices. The electronic apparatus may use a rule-based model or an AI model trained by using at least one of a machine learning algorithm, a neural network algorithm, or a deep-learning algorithm.

A method, computer program product, and system are provided to identify a target computing system configured to operate in a plurality of service domains. The method, computer program product, and system also, for each service domain of the plurality of service domains: collect current values of: (i) a metric indicating success of the service domain, and (ii) one or more other collection metrics of the service domain; determine one or more predominant metrics from the one or more other collection metrics, based, at least in part, on a statistical regression between the current values of the metric indicating success and the one or more other collection metrics, the one or more predominant metrics being predominant in affecting the metric indicating success; and output an indication of the current values of the metric indicating success and the one or more predominant metrics.

Methods, apparatuses, and systems for providing and maintaining data analytics and data collection as a mobile device disconnects from one network function and connects to another network function. In one aspect, a wireless communication method is disclosed. The method includes receiving, by a first network function operating in a core network of a wireless communication system in which data analytics information or data collection is provided, a notification of a data source change from a first data source to a second data source. The method further includes determining, by the first network element, a second network function associated with the second data source, and transmitting, by the first network function, a request to the second network function for the data analytics information or data collection. The method includes receiving the data analytics information or data collection from the second network function.

Management of immersive reality devices via a reduced competition core network component is disclosed. The reduced competition core network component can preferentially be reserved for immersive reality device data and can therefore exclude some or all other types of data typically associated with conventional wireless network devices, e.g., phone, tablet/laptop computers, IoT devices, etc. This can result in immersive reality data communication that does not have to compete with more generic data types for network or computing resources. Additionally, the reduced competition core network component can be divided into at least one reduced competition user-plane network component and at least one reduced competition control-plane network component. Use of a reduced competition user-plane network component can avoid generating additional carrier network traffic. Further, a reduced competition user-plane network component can facilitate non-carrier entity authentication, security protocols, etc. Hierarchical network component topology can enable rule-based access to computing and network resources.

Systems and methods for providing access to historical data over a real-time tunnel are disclosed. The method provides a mechanism for secure communication between one or more historians. In an example, attack surfaces on historians in an industrial control system operational technology (OT) network and in an information technology (IT) networks are reduced and possibly entirely eliminated by tunneling through a DMZ (de-militarized zone) or “secured network”.

A network node generates a reduced size textual network log by including a set of numerical values for a log entry within a textual network log for a network, the log entry constituting an instance of a recognizable pattern within the textual network log; and then outputs the reduced size textual network log to a network controller for configuring the network.

The present disclosure relates to methods, systems, and non-transitory computer readable media for discovering policy scopes within an enterprise network and managing network policies for discovered policy scopes. In one aspect, a method includes identifying one or more communities of devices in an enterprise network; defining, from the one or more communities of devices, policy scopes in the enterprise network; generating a hierarchical representation of the policy scopes; identifying, based on the hierarchical representation of the policy scopes, one or more policies governing traffic flow between devices associated with each of the policy scopes; and managing application of the one or more policies at the devices.

An information handling system may include a processor; a memory; the processor to execute computer code of an evolved packet core to initiate a tiered communication network access policy by: detecting the connection of each of a plurality of endpoint devices to a communication network via one of a plurality of access points; and determining if a communication channel among a plurality of communication channels is available on the communication network for each of the endpoint devices based on a tier assigned to each of the endpoint devices; the processor to execute computer code of a telemetry data module to: receive telemetry data descriptive of the use characteristics of the endpoint devices; and execute a communication network machine learning algorithm using the telemetry data to generate a network prediction model; the processor to execute computer code of a reallocation module to: predict network resource use across the communication channels of the communication network based on the network prediction model and, with the reallocation module, reallocate endpoint devices based on the predicted network resource use and tier assigned to the endpoint devices.