Methods, systems, and apparatus for root cause analysis in a communication network. In one aspect, a method includes providing a quantum computer with data representing a topology of the communication network, the topology comprising a graph of vertices representing network devices and edges representing connections between network devices; receiving, from the quantum computer, data representing a first subset of network devices, wherein the first subset comprises a dominating set of vertices or a vertex cover for the graph; monitoring network devices in the first subset to generate alarm data representing triggered network device alarms; providing the alarm data to a quantum computer; receiving, from the quantum computer, data representing a second subset of network devices, wherein the second subset comprises a set cover for the alarm data and the network devices in the second subset comprise diagnosed sources of failures in the communication network.

Provided herein are systems and methods for determining relationships between events occurring in networks. Notifications describing events occurring in networks can be received and processed to determine groups of network event types. A root-cause network can be generated based on the events, with the nodes of the root-cause network representing different event types and the edges of the root-cause network indicating directional, causal relationships between the nodes. A received network event can be processed to determine potential causes of the received network event based on the root-cause network and other events received by the network.

The subject matter described herein provides systems and techniques for a network planning and optimization tool that may allow for network capacity planning using key network failures for an arbitrary pair of network topology and demands. Performing network capacity planning with key network failures, instead of using other techniques, may avoid over-building the topology of a network. In particular, key network failures may be generated from the probabilistic failures, and the impact of these failures on a network may be computed. Expected flow availability SLO or a function thereof may be computed, using this information, and used by the tool to design a robust network. With an embedded flow availability calculation and updated risk framework, the capacitated cross-layer network topologies output by the tool may meet network demands/flows with their respective SLO type at the lowest cost.

A method for detecting anomalies in one or more network performance metrics stream for one or more monitored object comprising using a discrete window on the stream to extract a motif from said stream for a first of said network performance metric for a first of said monitored object. Maintaining an abnormal and a normal cluster center of historical time series for said first network performance metric for said first monitored object. Classifying said motif based on a distance between said new time series and said abnormal and said normal cluster center. Determining whether an anomaly for said motif occurred based on said distance and a predetermined decision boundary.

Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with protecting a CPU during a DDOS attack includes monitoring network traffic data from plurality of client devices. Each of the plurality of client devices are classified as a valid device or a potential attacker device based on the monitoring. Next a determination of when CPU utilization of a network traffic manager apparatus is greater than a stored threshold value is made. The CPU utilization of the network traffic manager increases as a number of the plurality of client devices classified as the potential attacker device increases. One or more network actions are performed on the plurality of client devices classified as the potential attacker device to protect the CPU when the determination indicates the CPU utilization is greater than the stored threshold value.

Devices, methods, and systems that provide transmitting of messages between different units of a multi-unit system in response to instantiated multi-unit transactions. For example, a method may include: identifying, by a first unit of a multi-unit system of computing devices, an event has occurred that triggers initiation of a transaction; generating, by the first unit, a transaction identifier associated with the transaction, the transaction identifier comprising a unit identifier of the first unit and an application identifier of an application associated with the event; and transmitting, from the first unit and to a second unit of the multi-unit system, the transaction identifier as part of an inter-unit message.

The invention concerns a method and a system for determining root-cause diagnosis of events occurring during the operation of a communication network comprising monitoring time signals representative of the operation of the network to detect the occurrence of an event relative to the network traffic, and for each detected event, during the duration of said event obtaining distributions of data on several dimensions of the network linked to said event, automatically determining an event root-cause diagnosis of the detected event, called single event diagnosis, comprising at least one element of said distributions, an element being a value taken by a network dimension having a contribution in said distributions of data, the single event diagnosis determination using rules of business logic configuration organized hierarchically, which are applied according to said hierarchy to select at least one element of said distributions, the selection of more than one element comprising machine learning clustering.

Facilitating localization of faults in core, edge, and access networks is provided herein. Operations of a system can include establishing a restoration of a group of communication paths of a network infrastructure that includes network nodes between a root network node and a leaf network node. A fault is determined to exist in the group of communication paths between the root network node and the leaf network node. The operations also can include determining that a defined network node of the network nodes is a source of the fault based on respective positions of user equipment experiencing the fault relative to the defined network node. Further, the operations can include removing the fault based on controlling a functionality of the defined network node.

A computer implemented method of managing a predictive model of a communication network, wherein the predictive model is configured to identify and correct forthcoming failures in network devices based on data collected from the network devices. The method includes allocating network devices of the communication network into first and second clusters, disabling the predictive model in the first cluster, enabling the predictive model in the second cluster, collecting data from the first cluster, repeating said disabling, enabling and collecting with a new allocation of first and second clusters to continuously collect data with different allocation of first and second clusters, and outputting at least the data collected from the first cluster for analysis of the predictive model

A system includes Session-Initiation-Protocol (SIP) servers that provide services for a respective set of endpoints. A monitor server can receive connectivity status of the respective set of endpoints based on registration status provided by the endpoints to the SIP servers. Based upon the received connectivity status, endpoints having connectivity problems are parsed into one or more subgroups. Potential problem sources are identified for the connectivity problems of the parsed endpoints. For each of the subgroups, the monitor server determines whether the subgroup exceeds a corresponding trigger threshold. In response a corresponding trigger threshold being exceeded, an action profile specifying an entity is accessed. A notification is transmitted to the entity.