Patent attributes
A system and method for improving the anomaly detection rate in a communication network. A server computer may receive a data set comprising traffic flows communicated over the communication network and group the traffic flows into data categories based on the type of network service, such as the transport control protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers of the traffic flows, or based on application layer protocols associated with the traffic flows. The server computer may further detect anomalies in each of the data categories based on inconsistencies between at least one common feature associated with a data category and the traffic flows in that data category. Different data categories may be associated with different common features. The anomaly detection may be supervised or unsupervised.
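The following is an added illustration, not code from the patent: it groups flows by protocol and destination port and scores each category against its own baseline, then runs the same detector over the ungrouped data for comparison. The feature (mean bytes per packet), the median/MAD modified z-score detector, the 3.5 threshold and the sample flows are all assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flows: (protocol, destination port, mean bytes per packet).
FLOWS = [
    ("udp", 53, 78), ("udp", 53, 82), ("udp", 53, 75), ("udp", 53, 80),
    ("udp", 53, 84), ("udp", 53, 1350),   # oversized for the DNS category
    ("tcp", 443, 1200), ("tcp", 443, 1350), ("tcp", 443, 1280),
    ("tcp", 443, 1310), ("tcp", 443, 1400), ("tcp", 443, 1250),
]

def robust_outliers(values, threshold=3.5):
    """Return indexes whose modified z-score (median/MAD) exceeds threshold."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        # Degenerate baseline: every value that differs from the median stands out.
        return [i for i, v in enumerate(values) if v != med]
    return [i for i, v in enumerate(values)
            if 0.6745 * abs(v - med) / mad > threshold]

def detect_per_category(flows):
    """Group by (protocol, port), then compare each flow to its own category."""
    groups = defaultdict(list)
    for flow in flows:
        groups[(flow[0], flow[1])].append(flow)
    anomalies = []
    for members in groups.values():
        for i in robust_outliers([f[2] for f in members]):
            anomalies.append(members[i])
    return anomalies

def detect_ungrouped(flows):
    """Same detector over all flows at once, with no service grouping."""
    return [flows[i] for i in robust_outliers([f[2] for f in flows])]

if __name__ == "__main__":
    print("per category:", detect_per_category(FLOWS))
    print("ungrouped:   ", detect_ungrouped(FLOWS))
```

On this sample the per-category pass flags only the oversized DNS flow, while the ungrouped pass misses it and instead flags the five ordinary DNS flows, because the mixed baseline is dominated by the larger HTTPS packets.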