Patent attributes
Embodiments of the invention include a computer-implemented method for detecting anomalies in non-stationary data in a network of computing entities. The method collects non-stationary data in the network and classifies the non-stationary data according to a non-Markovian, stateful classification, based on an inference model. Anomalies can then be detected, based on the classified data. The non-Markovian, stateful process allows anomaly detection even when no a priori knowledge of anomaly signatures or malicious entities exists. Anomalies can be detected in real time (e.g., at speeds of 10-100 Gbps), and the variability of network data can be addressed by implementing a detection pipeline that adapts to changes in traffic behavior through online learning and retains memory of past behaviors. A two-stage scheme can be relied upon, in which a supervised model is coupled with an unsupervised model.