FORM 2
THE PATENTS ACT, 1970 (39 of 1970) THE PATENTS RULES, 2003
COMPLETE SPECIFICATION
(See section 10; rule 13)
TITLE OF THE INVENTION
METHOD AND SYSTEM FOR MANAGING ANOMALIES IN A NETWORK
APPLICANT
JIO PLATFORMS LIMITED
of Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad -
380006, Gujarat, India; Nationality : India
The following specification particularly describes
the invention and the manner in which
it is to be performed

RESERVATION OF RIGHTS
[001] A portion of the disclosure of this patent document contains
material, which is subject to intellectual property rights such as, but are not limited to, copyright, design, trademark, Integrated Circuit (IC) layout design, and/or trade dress protection, belonging to Jio Platforms Limited (JPL) or its affiliates (herein after referred as owner). The owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights whatsoever. All rights to such intellectual property are fully reserved by the owner.
TECHNICAL FIELD
[002] The present disclosure relates to telecommunication networks. In
particular, the present disclosure relates to a method and a system for managing anomalies in a network.
BACKGROUND
[003] The following description of related art is intended to provide
background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.
[004] Traditionally, when a fault (i.e., an anomaly) occurs in a network, a
root cause analysis (RCA) is performed by network administrators to identify an underlying reason for the fault occurrence. The RCA typically involves analyzing a large quantity of diverse network data, such as network logs, traffic patterns, system performance metrics, etc., obtained from various sources such as alarms, counters, logs, and other network monitoring tools. However, accurate diagnose of the fault occurrence, often requires correlating these different types of network data to pinpoint a root cause of the fault occurrence. This correlation is typically done based on a user input or predefined rules. As a result, the network administrators

need to constantly monitor the network data and manually intervene to correlate it effectively. This manual intervention process can be cumbersome and prone to errors, leading to delays in fault resolution and potentially impacting network performance and reliability.
[005] However, the traditional manual approaches of identifying the root
cause of network fault face many challenges, for example, due to complexity of the
network data, the network administrators often face challenges in identifying
correlations to determine the root cause accurately as the network generates a vast
amount of network data, including sheer and diverse network data. Further, the need
of manual intervention required for network data correlation can slow down a
network fault diagnosis process, leading to longer downtimes and reduced
operational efficiency. Furthermore, relying on the manual intervention for the
network data correlation introduces a risk of errors or oversights as the network
administrators may overlook important correlations or misinterpret network data,
leading to inaccurate fault diagnosis and prolonged downtime. Hence, there is a
need for addressing these challenges often faced using existing traditional manual
approaches that require the manual intervention for the network fault diagnosis.
[006] There is, therefore, a requirement in the art for a means to provide
real-time and dynamic means for managing anomalies in a network with minimal manual or user intervention.
OBJECTS OF THE PRESENT DISCLOSURE
[007] It is an object of the present disclosure to provide a method and a
system for managing anomalies in a network.
[008] Another object of the present disclosure is to provide a unified
environment for analyzing diverse network data types without requirement of
multiple tools or platforms, hence streamlining a network analysis process.
[009] Another object of the present disclosure is to enhance adaptability
and efficiency by enabling users to define customized workflows that trigger
specific actions or analysis based on predefined anomalies.

[0010] Another object of the present disclosure is to reduce manual effort
by automatically detecting the anomalies and executing required workflows, hence ensuring timely responses to the predefined anomalies.
[0011] Another object of the present disclosure is to provide early detection
of the anomalies facilitating prompt intervention and resolution.
SUMMARY
[0012] The present disclosure discloses a method for managing anomalies
in a network. The method includes receiving a plurality of network data from the
network in real-time. The method includes analyzing, via an Artificial Intelligence
(AI) model, the plurality of network data to detect one or more anomalies within
the plurality of network data. The method includes generating a trigger
corresponding to the one or more anomalies based on a trigger condition. The
method includes performing a correlation analysis on the one or more anomalies to
identify a relationship between each of the plurality of network data. The method
includes retrieving at least one workflow corresponding to the one or more
anomalies from a centralized database based on the correlation analysis, upon
receiving the trigger. The method includes executing the at least one workflow
based on the trigger generated corresponding to the one or more anomalies. The
method includes providing an output corresponding to the execution of the at least
one workflow to a user.
[0013] In an embodiment, the centralized database includes a plurality of
workflows corresponding to a plurality of user-defined use cases associated with
the network.
[0014] In an embodiment, each of the at least one workflow is executed
concurrently.
[0015] In an embodiment, the output includes a notification indicating one
of a successful execution or an unsuccessful execution corresponding to the at least
one workflow.
[0016] In an embodiment, wherein the method further includes displaying
the output to the user via a Graphical User Interface (GUI).

[0017] In an embodiment, the method further comprising receiving a
workflow creation request including a correlation logic corresponding to a workflow associated with a user-defined user case. The workflow is created for each of the plurality of user-defined use cases. The method further includes validating the workflow creation request. The validation is one of a successful validation or an unsuccessful validation. The method further includes generating the workflow for the user-defined user case based on the correlation logic, upon the successful validation. The method further includes storing the workflow in the centralized database.
[0018] In an embodiment, the method further includes, upon the
unsuccessful validation of the workflow creation request, generating a notification depicting a failure in validation of the workflow creation request for notifying the user. The method further includes rendering, via the GUI, the notification to the user.
[0019] In an embodiment, the plurality of network data includes at least one
of an alarm data, an infra-metric data, a counter data, data records, logs, and a virtual probe data.
[0020] In an embodiment, the one or more anomalies are detected based on
an anomaly threshold defined by the user via the GUI.
[0021] In an embodiment, the at least one workflow includes a set of pre-
defined actions for resolving the one or more anomalies.
[0022] In an embodiment, the trigger condition includes one of a first trigger
condition or a second trigger condition.
[0023] In an embodiment, the trigger is generated based on the first trigger
condition when a single anomaly is detected in the plurality of network data. The trigger is generated based on the second trigger condition when more than one anomaly is detected in the plurality of network data.
[0024] In an embodiment, the correlation logic in the workflow creation
request includes a plurality of nodes, each node representing a type of a network data, a set of relationships defining connections and logic between each of the

plurality of nodes, and a trigger condition indicating when the first trigger condition
or the second trigger condition activates.
[0025] The present disclosure discloses a system for managing anomalies in
a network. The system includes a processing engine and a memory coupled to the
processing engine and configured to store instructions executable by the processing
engine causes the processing engine to receive a plurality of network data from the
network in real-time. The processing engine is further configured to analyze, via an
Artificial Intelligence (AI) model, the plurality of network data to detect one or
more anomalies within the plurality of network data. The processing engine is
further configured to generate a trigger corresponding to the one or more anomalies
based on a trigger condition. The processing engine is further configured to perform
a correlation analysis on the one or more anomalies to identify a relationship
between each of the plurality of network data. The processing engine is further
configured to retrieve at least one workflow corresponding to the one or more
anomalies from a centralized database based on the correlation analysis, upon
receiving the trigger. The processing engine is further configured to executing the
at least one workflow based on the trigger generated corresponding to the one or
more anomalies. The processing engine is further configured to providing an output
corresponding to the execution of the at least one workflow to a user.
[0026] In an embodiment, the centralized database includes a plurality of
workflows corresponding to a plurality of user-defined use cases associated with
the network.
[0027] In an embodiment, each of the at least one workflow is executed
concurrently.
[0028] In an embodiment, the output includes a notification indicating one
of a successful execution or an unsuccessful execution corresponding to the at least
one workflow.
[0029] In an embodiment, the processing engine is further configured to
display, via a Graphical User Interface (GUI), the output to the user.
[0030] In an embodiment, the processing engine is further configured to
receive a workflow creation request including a correlation logic corresponding to

a workflow associated with a user-defined user case, from the user. The workflow
is created for the plurality of user-defined use cases. The processing engine is
further configured to validate the workflow creation request. The validation is one
of a successful validation or an unsuccessful validation. The processing engine is
further configured to generate the workflow for the user-defined user case based on
the correlation logic, upon the successful validation. The processing engine is
further configured to store the workflow in the centralized database.
[0031] In an embodiment, the processing engine is further configured to
generate a notification depicting a failure in validation of the workflow creation request for notifying the user, upon the unsuccessful validation of the workflow creation request. The processing engine is further configured to render, via the GUI, the notification to the user.
[0032] In an embodiment, the plurality of network data includes at least one
of an alarm data, an infra-metric data, a counter data, data records, logs, and a virtual probe data.
[0033] In an embodiment, the one or more anomalies are detected based on
an anomaly threshold defined by the user via the GUI.
[0034] In an embodiment, the at least one workflow includes a set of pre-
defined actions for resolving the one or more anomalies.
[0035] In an embodiment, the trigger condition includes one of a first trigger
condition or a second trigger condition.
[0036] In an embodiment, the trigger is generated based on the first trigger
condition when a single anomaly is detected in the plurality of network data. The trigger is generated based on the second trigger condition when more than one anomaly is detected in the plurality of network data.
[0037] In an embodiment, the correlation logic in the workflow creation
request includes a plurality of nodes, each node representing a type of a network data, a set of relationships defining connections and logic between each of the plurality of nodes, and a trigger condition indicating when the first trigger condition or the second trigger condition activates.

[0038] The present disclosure discloses a user equipment (UE)
communicatively coupled with a network. The coupling includes a step of receiving, by the network, a connection request from the UE. The coupling includes a step of sending, by the network, an acknowledgment of the connection request to the UE. The coupling includes a step of transmitting a plurality of signals in response to the connection request. Based on the connection request a plurality of workflows are created for managing anomalies in the network. Upon creating the plurality of workflows, a system is configured for managing the anomalies in the network.
[0039] The foregoing general description of the illustrative embodiments
and the following detailed description thereof are merely exemplary aspects of the teachings of this disclosure and are not restrictive.
BRIEF DESCRIPTION OF THE DRAWINGS
[0040] The accompanying drawings, which are incorporated herein, and
constitute a part of this disclosure, illustrate exemplary embodiments of the
disclosed methods and systems in which like reference numerals refer to the same
parts throughout the different drawings. Components in the drawings are not
necessarily to scale, emphasis instead being placed upon clearly illustrating the
principles of the present disclosure. Some drawings may indicate the components
using block diagrams and may not represent the internal circuitry of each
component. It will be appreciated by those skilled in the art that disclosure of such
drawings includes the disclosure of electrical components, electronic components
or circuitry commonly used to implement such components.
[0041] FIG. 1 illustrates an exemplary network architecture for
implementing a system for managing anomalies in a network, in accordance with an embodiment of the present disclosure.
[0042] FIG. 2 illustrates an exemplary block diagram of the system
configured for managing anomalies in a network, in accordance with an embodiment of the present disclosure.

[0043] FIG. 3 illustrates an exemplary flow diagram of a method for
managing anomalies in a network, in accordance with an embodiment of the disclosure.
[0044] FIG. 4 illustrates a detailed exemplary process flow of a method for
5 managing anomalies in a network, in accordance with an embodiment of the present disclosure.
[0045] FIG. 5 illustrates an example computer system in which or with
which the embodiments of the present disclosure may be implemented.
[0046] The foregoing shall be more apparent from the following more
10 detailed description of the disclosure.
LIST OF REFERENCE NUMERALS
100 - Network architecture
102-1, 102-2… 102-N - Plurality of Users
104-1, 104-2… 104-N - Plurality of User Equipments 15 106 - Network
108 - System
110 - Entity
112 - Centralized Server
202 - Processor 20 204 - Memory
206 - A Plurality of Interfaces
208 - Processing Engine
210 - Load Balancer
212 - Artificial Intelligence (AI) Engine 25 214 - Analysis engine
216 - Correlation engine
218 - Computation engine
220 - Caching engine
222 - Database 30 300 - Flow diagram
9

400 – Process flow diagram 402 – User 404 – User interface 406 – Distributed data lake 5 510 – External Storage Device 520 – Bus
530 – Main Memory 540 – Read Only Memory 550 – Mass Storage Device 10 560 – Communication Port 570 – Processor
DETAILED DESCRIPTION
[0047] In the following description, for the purposes of explanation, various
specific details are set forth in order to provide a thorough understanding of
15 embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the
20 problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein. Example embodiments of the present disclosure are described below, as illustrated in various drawings in which like reference numerals refer to the same parts throughout the different drawings.
25 [0048] The ensuing description provides exemplary embodiments only, and
is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the
10

function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0049] Specific details are given in the following description to provide a
thorough understanding of the embodiments. However, it will be understood by one 5 of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without
10 unnecessary detail in order to avoid obscuring the embodiments.
[0050] Also, it is noted that individual embodiments may be described as a
process that is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in
15 parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination can correspond to a return of the function to the calling
20 function or the main function.
[0051] The word “exemplary” and/or “demonstrative” is used herein to
mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not
25 necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive like the term
30 “comprising” as an open transition word without precluding any additional or other elements.
11

[0052] Reference throughout this specification to “one embodiment” or “an
embodiment” or “an instance” or “one instance” means that a particular feature,
structure, or characteristic described in connection with the embodiment is included
in at least one embodiment of the present disclosure. Thus, the appearances of the
5 phrases “in one embodiment” or “in an embodiment” in various places throughout
this specification are not necessarily all referring to the same embodiment.
Furthermore, the particular features, structures, or characteristics may be combined
in any suitable manner in one or more embodiments.
[0053] The terminology used herein is to describe particular embodiments
10 only and is not intended to be limiting the disclosure. As used herein, the singular forms “a”, “an”, and “the” are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or
15 components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any combinations of one or more of the associated listed items. It should be noted that the terms “mobile device”, “user equipment”, “user device”, “communication device”, “device” and similar terms
20 are used interchangeably for the purpose of describing the invention. These terms are not intended to limit the scope of the invention or imply any specific functionality or limitations on the described embodiments. The use of these terms is solely for convenience and clarity of description. The invention is not limited to any particular type of device or equipment, and it should be understood that other
25 equivalent terms or variations thereof may be used interchangeably without
departing from the scope of the invention as defined herein.
[0054] As used herein, an “electronic device”, or “portable electronic
device”, or “user device” or “communication device” or “user equipment” or “device” refers to any electrical, electronic, electromechanical, and computing
30 device. The user device is capable of receiving and/or transmitting one or parameters, performing function/s, communicating with other user devices, and
12

transmitting data to the other user devices. The user equipment may have a processor, a display, a memory, a battery, and an input-means such as a hard keypad and/or a soft keypad. The user equipment may be capable of operating on any radio access technology including but not limited to IP-enabled communication, Zig Bee, 5 Bluetooth, Bluetooth Low Energy, Near Field Communication, Z-Wave, Wi-Fi, Wi-Fi direct, etc. For instance, the user equipment may include, but not limited to, a mobile phone, smartphone, virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other device as may be obvious to a
10 person skilled in the art for implementation of the features of the present disclosure.
[0055] Further, the user device may also comprise a “processor” or
“processing unit” includes processing unit, wherein processor refers to any logic circuitry for processing instructions. The processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal
15 processor, a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding data processing, input/output processing, and/or any other functionality that enables the working of
20 the system according to the present disclosure. More specifically, the processor is a hardware processor.
[0056] Embodiments herein relate to a method for managing anomalies in a
network. In particular, a plurality of network data may be received from the network in real-time. Further, the plurality of network data may be analyzed using an
25 Artificial Intelligence (AI) model to detect one or more anomalies within the plurality of network data. Upon detection of the one or more anomalies, a trigger may be generated. The trigger may be generated corresponding to the one or more anomalies based on a trigger condition. Further, a correlation analysis may be performed on the one or more anomalies to identify a relationship between each of
30 the plurality of network data. Based on the correlation analysis at least one workflow corresponding to the one or more anomalies may be retrieved from a
13

centralized database based on the correlation analysis, upon receiving the trigger.
Further, the at least one workflow may be executed. The at least one workflow is
executed to resolve the one or more anomalies. An output corresponding to the
execution of the at least one workflow may be provided to a user.
5 [0057] The various embodiments throughout the disclosure will be
explained in more detail with reference to FIG. 1- FIG. 5.
[0058] FIG. 1 illustrates an exemplary network architecture 100 for
implementing a system 108, in accordance with an embodiment of the present disclosure. The system 108 is configured for managing anomalies in a network. In
10 an embodiment, the network, for example, may be a wireless communication network, such as, a Fourth Generation (4G) network, a Fifth Generation (5G) network, a Sixth Generation (6G) network, and the like. It should be noted that, the anomalies may correspond to any deviations from normal behaviour or expected patterns, which could indicate faults, errors, potential security threats, performance
15 issues, or system failures. For example, the anomalies may be, but are not limited to, a network failure, a call drop, a detected security event (e.g., unauthorized access attempts), unusual traffic patterns (e.g., sudden spike or drop in a network traffic), an unexpected protocol usage, an abnormal bandwidth consumption, Domain Name System (DNS) traffic anomalies, Internet of Things (IoT) device anomalies (e.g.,
20 abnormal behaviour of connected devices, such as unauthorized access attempts,
unusual data transmission patterns, etc.). It should be noted that, the anomalies are
not restricted to the above disclosed anomalies and may include any anomaly
existing in the network.
[0059] In order to manage anomalies in the network, the network
25 architecture 100 may include one or more computing devices or user equipments 104-1, 104-2…104-N associated with one or more users 102-1, 102-2…102-N in an environment. A person of ordinary skill in the art will understand that one or more users 102-1, 102-2…102-N may be individually referred to as the user 102 and collectively referred to as the users 102. Similarly, a person of ordinary skill in
30 the art will understand that one or more user equipments 104-1, 104-2…104-N may be individually referred to as the user equipment 104 and collectively referred to as
14

the user equipments 104. A person of ordinary skill in the art will appreciate that the terms “computing device(s)” and “user equipment” may be used interchangeably throughout the disclosure. Although three user equipments 104 are depicted in FIG. 1, however any number of the user equipments 104 may be 5 included without departing from the scope of the ongoing description.
[0060] In an embodiment, the user equipment 104 includes smart devices
operating in a smart environment, for example, an Internet of Things (IoT) system. In such an embodiment, the user equipment 104 may include, but is not limited to, smart phones, smart watches, smart sensors (e.g., a mechanical sensor, a thermal
10 senor, an electrical sensor, a magnetic sensor, etc.), networked appliances, networked peripheral devices, networked lighting system, communication devices, networked vehicle accessories, networked vehicular devices, smart accessories, tablets, smart televisions (TVs), computers, smart security systems, smart home systems, other devices for monitoring or interacting with or for the user 102 and/or
15 entities, or any combination thereof. A person of ordinary skill in the art will appreciate that the user equipment 104 may include, but is not limited to, intelligent, multi-sensing, network-connected devices, that can integrate seamlessly with each other and/or with a central server or a cloud-computing system or any other device that is network-connected.
20 [0061] In an embodiment, the user equipment 104 may include, but is not
limited to, a handheld wireless communication device (e.g., a mobile phone, a smart phone, a phablet device, and so on), a wearable computer device(e.g., a head-mounted display computer device, a head-mounted camera device, a wristwatch computer device, and so on), a Global Positioning System (GPS) device, a laptop
25 computer, a tablet computer, or another type of portable computer, a media playing device, a portable gaming system, and/or any other type of computer device with wireless communication capabilities, and the like. In an embodiment, the user equipment 104 may include, but is not limited to, any electrical, electronic, electro¬mechanical device, or an equipment, or a combination of one or more of the above
30 devices such as virtual reality (VR) devices, augmented reality (AR) devices, a laptop, a general-purpose computer, a desktop, a personal digital assistant, a tablet
15

computer, a mainframe computer, or any other computing device. Further, the user
equipment 104 may include one or more in-built or externally coupled accessories
including, but not limited to, a visual aid device such as a camera, an audio aid, a
microphone, a keyboard, and input devices for receiving input from the user 102,
5 or an entity 110 such as a touch pad, a touch enabled screen, an electronic pen, and
the like. A person of ordinary skill in the art will appreciate that the user equipment
104 may not be restricted to the mentioned devices and various other devices may
be used.
[0062] In FIG. 1, the user equipment 104 may communicate with the system
10 108 through a network 106. In an embodiment, the network 106 includes at least one of the 4G network, the 5G network, the 6G network, or the like. The network 106 may enable the user equipment 104 to communicate with other devices in the network architecture 100 and/or with the system 108. The network 106 may include a wireless card or some other transceiver connection to facilitate this
15 communication. In another embodiment, the network 106 may be implemented as, or include any of a variety of different communication technologies such as a wide area network (WAN), a local area network (LAN), a wireless network, a mobile network, a Virtual Private Network (VPN), the Internet, the Public Switched Telephone Network (PSTN), or the like.
20 [0063] In another exemplary embodiment, a centralized server 112 may
include or comprise, by way of example but not limitation, one or more of: a stand¬alone server, a server blade, a server rack, a bank of servers, a server farm, a hardware supporting a part of a cloud service or a system, a home server, a hardware running a virtualized server, one or more processors executing code to function as
25 a server, one or more machines performing server-side functionality as described
herein, at least a portion of any of the above, some combination thereof.
[0064] In some embodiments, the user equipment 104 that is coupled with
the system 102 configured for managing anomalies. Initially, the network 106 is configured to receive a connection request from the user equipment 104. Upon
30 receiving the connection request, the network 106 is configured for sending the acknowledgement of the connection request to user equipment 104. Further, a
16

plurality of signals is transmitted in response to the connection request. Based on the connection request, a plurality of workflows is created for managing the anomalies in the network 106. Once the plurality of workflows is created, the system 108 is configured for managing the anomalies in the network 106. In an 5 embodiment, in order to create the plurality of workflows, upon establishing the connection with the network 106, the user equipment 104 may be configured to send a workflow creation request to the system 108. The workflow creation request may include a correlation logic corresponding to a workflow associated with a user-defined user case. The workflow is created for the plurality of user-defined use
10 cases. The user equipment 104 may be further configured to receive an outcome corresponding to a validation of the workflow creation request in response to sending the workflow creation request, from the system 108. The outcome corresponding to a validation of the workflow creation request is one of a successful validation or an unsuccessful validation.
15 [0065] Further, in order to manage the anomalies in the network (e.g., the
network 106), the system 108 is configured to detect the anomalies in a network data associated with the network. Further, upon detecting the anomalies, the system 108 may be configured to execute workflows for resolving the anomalies. This is further explained in detail in conjunction with FIGS. 2 – 4.
20 [0066] FIG. 2 illustrates an example block diagram 200 of the system 108
configured for managing anomalies in a network, in accordance with an embodiment of the present disclosure. FIG. 2 is explained in conjunction with FIG. 1. In particular, the system 108 is implemented for detecting and managing one or more anomalies.
25 [0067] The system 108 includes one or more processor(s) 202. The one or
more processor(s) 202 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that process data based on operational instructions. Among other capabilities, the one or more processor(s) 202 may be
30 configured to fetch and execute computer-readable instructions stored in a memory 204 of the system 108. The memory 204 is configured to store one or more
17

computer-readable instructions or routines in a non-transitory computer readable storage medium, which may be fetched and executed to create or share data packets over a network service. In an aspect, the memory 204 is configured to store received requests (e.g., a plurality of network data). In another aspect, the memory 204 is 5 configured to store the one or more anomalies detected in the plurality of network data. The memory 204 may comprise any non-transitory storage device including, for example, volatile memory such as random-access memory (RAM), or non¬volatile memory such as erasable programmable read only memory (EPROM), flash memory, and the like.
10 [0068] In an embodiment, the system 108 may include an interface(s) 206.
The interface(s) 206 may comprise a variety of interfaces, for example, interfaces for data input and output devices (I/O), storage devices, and the like. The interface(s) 206 may facilitate communication through the system 108. The interface(s) 206 may also provide a communication pathway for one or more
15 components of the system 108. Examples of such components include, but are not limited to, processing engine(s) 208 and a database 222. Further, the processing engine(s) 208 may include a load balancer 210, an artificial intelligence (AI) engine 212, an analysis engine 214, a correlation engine 216, a computation engine 218, and a caching engine 220. In an embodiment, the processing engine 208 may
20 include other engine(s), such as an input/output engine and a notification engine.
[0069] The load balancer 210 may be configured for adjusting the
distribution of workflow creation requests received form users as network traffic. A workflow creation request may include a correlation logic corresponding to a workflow that needs to be created for a user-defined use case. The user-defined user
25 case, for example, may be a network failure, a call drop, a detection of a security incident, a detection associated with a network device experience, a degradation of network performance below an acceptable threshold (e.g., an acceptance threshold of 2.5%), a deployment of a new service or an application (e.g., a mobile application or a web application) in the network, and the like. The workflow may be generated
30 for each of these user-defined cases as per the requirement of the user (e.g., a network administrator or a network operator). In some embodiments, the load
18

balancer 210 may be configured to balance incoming network traffic (i.e., the
network data) among multiple servers or backend resources.
[0070] The analysis engine 214 may be configured to analyze the workflow
creation request to validate the workflow creation request. Based on the analysis, 5 the analysis engine 214 is further configured to generate an outcome that includes a successful validation when the workflow creation request is successfully validated and an unsuccessful validation when the workflow creation request is not successfully validated. Once the workflow creation request is successfully validated, the outcome of the successful validation is transmitted to the correlation
10 engine 216. Further, the generated workflow is stored in a centralized database (e.g.,
a database with the centralized server 112). In some embodiments, the analysis
engine 214 may be configured to receive a workflow execution request to notify the
correlation engine 216 to start execution of at least one workflow.
[0071] Further, the AI engine 212 may include an AI model. The AI model
15 may be pre-trained based on a plurality of anomalies associated with a plurality of user-defined use cases. Further, the AI engine 212 may be configured to detect the one or more anomalies in the plurality of network data. The plurality of network data, for example, may include at least one of an alarm data, an infra-metric data, a counter data, data records, logs, and a virtual probe data. Further, the examples of
20 the one or more anomalies may include, but are not limited to, a network failure, a call drop, a detected security event (e.g., unauthorized access attempts), unusual traffic patterns (e.g., sudden spike or drop in the network traffic), an unexpected protocol usage, an abnormal bandwidth consumption, DNS traffic anomalies, IoT device anomalies (e.g., abnormal behaviour of connected devices, such as
25 unauthorized access attempts, unusual data transmission patterns, etc.). In some embodiment, the AI model may alert the computation engine 218 about an occurrence of the one or more anomalies.
[0072] The computation engine 218 may be communicatively coupled with
the AI engine 212 and is configured for detecting the one or more anomalies. The
30 computation engine 218 may perform computations such as data aggregation, filtering, correlation analysis, and statistical analysis to identify the one or more
19

anomalies within the plurality of network data. For example, when the AI engine
212 detects the sudden spike in the network traffic, the computation engine 218 is
configured to detect an amount of the spike (e.g., spike to 100,000 visitors per hour
on a website which usually is 10,000 visitors per hour) in the network traffic by
5 performing computations on the plurality of network data. Further, the computation
engine 218 may be configured to generate a trigger for executing the at least one
workflow corresponding to each of the one or more anomalies.
[0073] The correlation engine 216 may be configured to perform a
correlation analysis on the one or more anomalies to identify relationships between
10 the plurality of network data. The relationships, for example, may be a bandwidth utilization versus a network traffic, anomalies rates versus a health of network devices (e.g., routers, switches, access points, etc.), an activity of a user of the user equipment 104 versus security events, and the like. Further, the correlation engine 216 may be configured to retrieve at least one workflow corresponding to the one
15 or more anomalies for resolving each of the one or more anomalies.
[0074] The caching engine 220 may include a caching layer configured for
storing frequently accessed data or computation results, such as the plurality of network data received in real-time, the one or more anomalies, the identified relationships, the at least one workflow, and the like, for rapid retrieval. Further,
20 the database 222 may be configured to store one or more intermediate results, such as the one or more anomalies, the at least one workflow, or a final result, i.e., an output generated in response to execution of the at least one workflow. Once the output corresponding to the execution is generated, the output may be rendered to the user, i.e., the network administrator or the network operator. Further, the output
25 generated corresponding to the execution of the at least one workflow is stored in
the centralized database. With reference to FIG. 1, the centralized database may
reside within the centralized server 112. This complete method followed by above
engines is further explained in detail in conjunction with FIGS. 3 and 4.
[0075] In an embodiment, the processing engine(s) 208 may be
30 implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the
20

processing engine(s) 208. In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) 208 may be processor-executable instructions stored on a non-transitory machine-readable storage 5 medium and the hardware for the processing engine(s) 208 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s) 208. In such examples, the system 108 may comprise the
10 machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system and the processing resource. In other examples, the processing engine(s) 208 may be implemented by electronic circuitry.
15 [0076] FIG. 3 illustrates an exemplary flow diagram of a method 300 for
managing anomalies in the network, in accordance with an embodiment of the
disclosure. FIG. 3 is explained in conjunction with FIGS. 1 and 2.
[0077] Initially, at step 302, the plurality of network data may be received
from the network in real-time. In an embodiment, the network may be any wireless
20 communication network, such as the 4G network, the 5G network, the 6G network, and the like. Further, the plurality of network data may include, at least one of the alarm data, the infra-metric data, the counter data, the data records, logs, and the virtual probe data. The alarm data, for example, includes notifications or alerts generated by network components or devices (e.g., routers, switches, access points,
25 etc.) or monitoring systems (e.g., a firewall, a network monitoring system) to
indicate potential issues or events (e.g., the anomalies) that require attention.
[0078] Examples of the notifications may include notifications for device
failures, security breaches, or performance degradation. The network data may include information transmitted over the network, including packets, frames,
30 segments, and the like. The infra-metric data may include performance metrics collected from network infrastructure components like the routers, the switches, the
21

servers, and the firewalls. These infra-metrics may include parameters such as a
central processing unit (CPU) utilization, a memory usage, a network bandwidth, a
latency, and error rates. The data records in a network context may refer to
structured information or logs containing details about network activities, events,
5 or transactions. The logs may correspond to chronological records of events or
activities generated by network devices, servers, applications, or security systems.
The virtual probe data may refer to information collected by software-based
monitoring tools or virtual appliances deployed within a network infrastructure.
[0079] Upon receiving the plurality of network data, at step 304, the
10 plurality of network data may be analyzed to detect the one or more anomalies within the plurality of network data. As will be appreciated, the plurality of network data may be analyzed via the AI model within the AI engine 212. The one or more anomalies may be detected based on an anomaly threshold defined by the user (i.e., the network administrator or the network operator). The user may define the
15 anomaly threshold via a Graphical User Interface (GUI) (i.e., the interface 206). In
an example, the anomaly threshold may be defined to be, for example, 3%.
[0080] In an embodiment, the one or more anomalies may include, but are
not limited to, the network failure, the call drop, the detected security event (e.g., unauthorized access attempts), the unusual traffic patterns (e.g., the sudden spike
20 or drop in the network traffic), the unexpected protocol usage, the abnormal
bandwidth consumption, the DNS traffic anomalies, the IoT device anomalies (e.g.,
the abnormal behavior of connected devices, such the unauthorized access attempts,
the unusual data transmission patterns, etc.).
[0081] Upon detecting the one or more anomalies, at step 306, a trigger
25 corresponding to the one or more anomalies may be generated. The trigger may be generated based on a trigger condition. The trigger condition may include one of a first trigger condition or a second trigger condition.
[0082] The trigger may be generated based on the first trigger condition
when a singleanomaly is detected in the plurality of network data. Whereas the
30 trigger may be generated based on the second trigger condition when more than one anomaly is detected in the plurality of network data.
22

[0083] Once the trigger is generated, at step 308, the correlation analysis
may be performed on the one or more anomalies. The correlation analysis is
performed to identify the relationship between each of the plurality of network data.
In particular, the correlation analysis may be performed to identify relationships
5 and dependencies between different each of the plurality of network data. The
relationship, for example, may include the bandwidth utilization versus the network
traffic, the anomalies rates versus the health of the network devices, the activity of
the user of the user equipment 104 versus the security events, and the like.
[0084] Further, upon receiving the trigger, at step 310, the at least one
10 workflow may be retrieved corresponding to the one or more anomalies from the centralized database. The at least one workflow may be retrieved based on the correlation analysis. In an embodiment, the centralized database may include the plurality of workflows corresponding to the plurality of user-defined use cases associated with the network. The plurality of workflows may be generated based
15 on the workflow creating request received from the user.
[0085] In other words, in order to generate the plurality of workflows, the
workflow creation request including the correlation logic corresponding to each of the plurality of workflows may be received from the user. The correlation logic may include a plurality of nodes, each node representing a type of a network data, a set
20 of relationships defining connections and logic between each of the plurality of
nodes. Further, the correlation logic may also include a trigger condition indicating
when the first trigger condition or the second trigger condition activates.
[0086] Upon receiving the workflow creation request corresponding to a
workflow associated with a user-defined case, the workflow creation request may
25 be validated. With reference to FIG. 2, the validation of the workflow creation request may be performed by the analysis engine 214. In one embodiment, in response to validating, when the validation of the workflow creation request is the successful validation, the workflow for the user-defined user case may be generated based on the correlation logic. With reference to FIG. 2, the outcome of successful
30 validation may be sent by the analysis engine 214 to the correlation engine 216. Further, the generated workflow is stored in the centralized database (also referred
23

as a distributed data lake). In addition to storing the generated workflow, the workflow is also transmitted and stored in the caching layer of the caching engine 220.
[0087] In another embodiment, in response to validating, when the
5 validation of the workflow creation request is the unsuccessful validation, a notification depicting a failure in validation of the workflow creation request may be generated to notify the user. Further, the notification may be rendered to the user via the GUI. Further, during creation of the plurality of workflows, a plurality of anomalies and a plurality of anomalies thresholds may be defined by the user for
10 the plurality of user-defined use cases. The plurality of anomalies and the plurality
of anomaly thresholds defined by the user may be stored in the centralized database.
[0088] Upon retrieving the at least one workflow, at step 312, the at least
one workflow may be executed based on the trigger generated corresponding to the one or more anomalies. In an embodiment, each of the at least one workflow
15 retrieved corresponding to the one or more anomalies may be executed concurrently. The at least one workflow may include a set of pre-defined actions for resolving the one or more anomalies. For example, the set of pre-defined actions may include performing a network topology analysis to identify affected network devices and connections, employing packet sniffers or analysis tools to inspect
20 packet headers and payloads for the one or more anomalies, reviewing network device (e.g., a router, or a switch) configurations to identify misconfigurations or discrepancies that may be causing the one or more anomalies, implementing pre¬defined configuration changes (i.e., changes defined during creation of the at least one workflow) to rectify the identified one or more anomalies, ensuring
25 compatibility and compliance with network standards, and conducting tests (i.e., a
series of steps defined by the user within each test while creating the at least one
workflow) to verify that the one or more anomalies has been successfully resolved
and that affected services are functioning as expected, and the like.
[0089] Further, in response to executing the at least one workflow, at step
30 314, an output corresponding to the execution of the at least one workflow may be provided to the user. In an embodiment, the output includes a notification indicating
24

one of a successful execution or an unsuccessful execution corresponding to the at least one workflow. In particular, the output of execution of the at least one workflow may be displayed to the user.
[0090] FIG. 4 illustrates a detailed exemplary process flow 400 for
5 managing anomalies in the network, in accordance with an embodiment of the
present disclosure. FIG. 4 is explained in conjunction with FIGS. 1, 2 and 3.
[0091] Initially, at step 408, a user 402 may be configured to provide the
workflow creation request including the correlation logic as an input to the load
balancer 210 via a user interface 404 (same as the interface (206)). At step 410,
10 the load balancer 210 may transfer the workflow creation request to the analysis engine 214. The analysis engine 214 may be configured to analyze the workflow creation request in a pre-defined file format (e.g., a JavaScript Object Notation (JSON)) format as depicted via step 412. The analysis engine 214 may be configured to analyze the workflow creation request to perform validation. The
15 validation may be one of the successful validation or the unsuccessful validation depicted as a workflow creation request validation successful 414 and a validation failed 416, respectively.
[0092] When the validation is the successful validation, the analysis engine
214 may generate the workflow for the user-defined use case based on the
20 correlation logic. Further, at step 418, the outcome of the successful validation may be transferred by the analysis engine 214 to the correlation engine 216 as mentioned via step 418, i.e., validation successful. Further, the generated workflow, i.e., workflow details may be stored in the centralized database, i.e., a distributed data lake 406, at step 420. The distributed data lake may correspond to
25 the centralized database of the centralized server 112. In addition, an information of the generated workflow may be stored in the caching layer of the caching engine 220 at step 422.
[0093] When the validation is the unsuccessful validation, the analysis
engine 214 may generate the notification depicting the failure and send the
30 notification to the load balancer 210 depicted via step 424 as ‘validation failed’. Further, at step 426, the load balancer 210 may transfer and render the notification
25

to the user via the user interface 404. The notification may be ‘failed to create
workflow’ as depicted via step 426. In this way, the plurality of workflows may be
created for the plurality of user-defined use cases and stored in the distributed data
lake 406. It should be noted that, in addition to the plurality of workflows, the user
5 may define the plurality of anomalies and the plurality of anomalies thresholds
during the creation of the plurality of workflows for the plurality of user-defined
use cases. Further, the plurality of anomalies and the plurality of anomaly
thresholds defined by the user may be stored in the distributed data lake 406.
[0094] Further, in order to manage the anomalies, the AI engine 212 may
10 be configured for analyzing the plurality of network data received in real-time to detect one or more anomalies. For example, suppose based on analysis of the plurality of network data, at step 428, the AI engine 212 may be configured to identify an anomaly, e.g., a Key Performance Indicator (KPI) dip based on monitoring and analysis of the plurality of network data in real-time. Further, upon
15 identifying the anomaly including the KIP dip, at step 430, the AI engine 212 may alert the computation engine 218 about the anomaly depicted as ‘an alert for KPI degradation to the computation engine’. Further, the computation engine 218 may be configured to analyze the anomaly and generate a trigger corresponding to the anomaly in a pre-defined file format (e.g., the JSON format), such as a workflow
20 execution trigger JSON, as depicted via step 432. Further, at step 434, the computation engine 218 may transmit the trigger, i.e., the workflow execution trigger JSON to the correlation engine 216.
[0095] At step 436, the correlation engine 216 may send a workflow
execution start request to the analysis engine 214 to start a workflow execution
25 process. Upon receiving the workflow execution start request, the analysis engine 214 may be configured to send a correlation workflow node execution request to the correlation engine 216. Upon receiving the correlation workflow node execution request, the correlation engine 216 may be configured to perform the correlation analysis on the anomaly, i.e., the KPI dip, to identify the relationship
30 between each of the plurality of network data.
26

[0096] The correlation engine 216 may then retrieve the at least one
workflow corresponding to the anomaly from the centralized database, i.e., the distributed data lake. The at least one workflow may include the set of pre-defined actions configured for resolving the anomaly. In particular, once the at least one 5 workflow is retrieved, at step 440 the correlation engine 216 may fetch workflow node details from the distributed data lake 406. In other words, once the at least one workflow is identified, information associated with a node within the network may be fetched from the distributed data lake 406. Further, at step 442, the correlation engine 216 may fetch workflow node metadata from the caching engine
10 220. This may be done to retrieve information about the node that has been cached in the caching engine 220 for faster access. In other words, the correlation engine 216 may retrieve the metadata associated with the node. The metadata for example, may include a node name, a type, a description, inputs, outputs, dependencies, and conditions.
15 [0097] Further, the correlation engine 216 may execute the at least one
workflow retrieved for the anomaly, i.e., the KPI dip to resolve the anomaly. Further, based on the execution of the node of the at least one workflow, at step 444, the output generated in response to the execution of the at least one workflow for the node may be stored in the distributed lake database 406 depicted as
20 ‘correlation workflow node output stored in database’. In addition, the output generated in response to the execution of the at least one workflow corresponding to the node may be stored in the caching layer of the caching engine 220 at step 446 depicted as ‘correlation workflow node output stored in the caching layer’. Further, at step 448, a workflow next node fetch request may be sent to the analysis
25 engine 214 in order to execute the at least one workflow for the next node. The steps 438 to 448 may re-iterated until the at least one workflow corresponding to all nodes within the network is executed. Further, at step 450, the output corresponding to the execution of the at least one workflow may be provided to the user via a notification depicting ‘workflow execution completed successfully’,
30 i.e., the successful execution. In some embodiments, if the at least one workflow is not executed successful or if any issues (e.g., a hardware failure, a network
27

bandwidth, a network outage, a power failure, etc.) were encountered during the execution of the at least one workflow, then the output provided to the user may include a notification depicting ‘unsuccessful execution of the at least one workflow’, i.e., the unsuccessful execution. In addition to the notification, a report 5 including the reason of unsuccessful execution such as the hardware failure may be provided to the user.
[0098] FIG. 5 illustrates an exemplary computer system 500 in which or
with which embodiments of the present disclosure may be implemented. As shown in FIG. 5, the computer system 500 may include an external storage device 510, a
10 bus 520, a main memory 530, a read-only memory 540, a mass storage device 550, communication port(s) 560, and a processor 570. A person skilled in the art will appreciate that the computer system may include more than one processor and communication ports. The processor 570 may include various modules associated with embodiments of the present disclosure. The communication port(s) 560 may
15 be any of an RS-232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. The communication port(s) 560 may be chosen depending on a network, such a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system 500 connects.
20 [0099] The main memory 530 may be random access memory (RAM), or
any other dynamic storage device commonly known in the art. The read-only memory 540 may be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chips for storing static information e.g., start-up or Basic Input/Output System (BIOS) instructions for the processor
25 570. The mass storage device 550 may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage device 550 includes, but is not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having
30 Universal Serial Bus (USB) and/or Firewire interfaces), one or more optical discs, Redundant Array of Independent Disks (RAID) storage, e.g. an array of disks.
28

[00100] The bus 520 communicatively couples the processor 570 with the
other memory, storage, and communication blocks. The bus 520 may be, e.g. a Peripheral Component Interconnect (PCI)/PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), Universal Serial Bus (USB), or the like, for 5 connecting expansion cards, drives, and other subsystems as well as other buses, such a front side bus (FSB), which connects the processor 570 to the computer system 500.
[00101] Optionally, operator and administrative interfaces, e.g. a display,
keyboard, joystick, and a cursor control device, may also be coupled to the bus 520
10 to support direct operator interaction with the computer system. Other operator and administrative interfaces can be provided through network connections connected through the communication port(s) 560. Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system limit the scope of the present disclosure.
15 [00102] While the foregoing describes various embodiments of the
invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof. The scope of the invention is determined by the claims that follow. The invention is not limited to the described embodiments, versions or examples, which are included to enable a person having ordinary skill
20 in the art to make and use the invention when combined with information and
knowledge available to the person having ordinary skill in the art.
[00103] The method and system of the present disclosure may be
implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any
25 combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs
30 including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording
29

medium storing a program for executing the method according to the present disclosure.
[00104] While considerable emphasis has been placed herein on the preferred
embodiments, it will be appreciated that many embodiments can be made and that 5 many changes can be made in the preferred embodiments without departing from the principles of the disclosure. These and other changes in the preferred embodiments of the disclosure will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be implemented merely as illustrative of the disclosure and
10 not as a limitation.
[00105] The present disclosure provides technical advancement related to
management of anomalies in the network. This advancement addresses the limitations of existing solutions by detecting one or more anomalies within the plurality of network data and executing a suitable workflow (i.e., the at least one
15 workflow) to resolve the one or more anomalies. The disclosure involves automatic detection of the one or more anomalies using the pre-trained AI model, which provides a unified environment for analyzing diverse network data types without a requirement of multiple tools or platforms, hence streamlining a network analysis process. This in turn reduces manual effort required for detecting and resolving
20 anomalies by executing required workflows. The disclosure facilitates prompt intervention and resolution of the detected anomalies in a timely manner.
ADVANTAGES OF THE PRESENT DISCLOSURE
[00106] The present disclosure provides a method and a system for managing
25 anomalies in a network.
[00107] The present disclosure provides a unified environment for analyzing
diverse network data types without a requirement of multiple tools or platforms,
hence streamlining a network analysis process.
[00108] The present disclosure facilitates users to define customized
30 workflows that trigger specific actions or analyses based on predefined anomalies,
hence enhancing adaptability and efficiency.
30

[00109] The present disclosure reduces manual effort by automatically
detecting the anomalies and executing required workflows, hence ensuring timely responses to the predefined anomalies.
[00110] The present disclosure provides early detection of the anomalies,
facilitating prompt intervention and resolution.

We Claim:
1. A method (300) for managing anomalies in a network (106), the method
(300) comprising:
receiving (302), by a processing engine (208), a plurality of network data from the network (106) in real-time;
analyzing (304), by the processing engine (208) via an Artificial Intelligence (AI) model, the plurality of network data to detect one or more anomalies within the plurality of network data;
generating (306), by the processing engine (208), a trigger corresponding to the one or more anomalies based on a trigger condition;
performing (308), by the processing engine (208), a correlation analysis on the one or more anomalies to identify a relationship between each of the plurality of network data;
retrieving (310), by the processing engine (208), at least one workflow corresponding to the one or more anomalies from a centralized database based on the correlation analysis upon receiving the trigger;
executing (312), by the processing engine (208), the at least one workflow based on the trigger generated corresponding to the one or more anomalies; and
providing (314), by the processing engine (208), an output corresponding to the execution of the at least one workflow to a user.
2. The method (300) as claimed in claim 1, wherein the centralized database comprises a plurality of workflows corresponding to a plurality of user-defined use cases associated with the network (106).
3. The method (300) as claimed in claim 1, wherein each of the at least one workflow is executed concurrently.

4. The method (300) as claimed in claim 1, wherein the output comprises a notification indicating one of a successful execution or an unsuccessful execution corresponding to the at least one workflow.
5. The method (300) as claimed in claim 1, further comprising displaying the output to the user via a Graphical User Interface (GUI).
6. The method (300) as claimed in claim 2, further comprising:
receiving, by the processing engine (208), a workflow creation request comprising a correlation logic corresponding to a workflow associated with a user-defined user case, wherein the workflow is created for each of the plurality of user-defined use cases;
validating, by the processing engine (208), the workflow creation request, wherein the validation is one of a successful validation or an unsuccessful validation;
generating, by the processing engine (208), the workflow for the user-defined user case based on the correlation logic, upon the successful validation; and
storing, by the processing engine (208), the workflow in the centralized database.
7. The method (300) as claimed in claim 4, further comprising:
upon the unsuccessful validation of the workflow creation request, generating, by the processing engine (208), a notification depicting a failure in validation of the workflow creation request for notifying the user; and
rendering, by the processing engine (208) via the GUI, the notification to the user.
8. The method (300) as claimed in claim 1, wherein the plurality of network
data includes at least one of an alarm data, an infra-metric data, a counter
data, data records, logs, and a virtual probe data.

9. The method (300) as claimed in claim 1, wherein the one or more anomalies are detected based on an anomaly threshold defined by the user via the GUI.
10. The method (300) as claimed in claim 1, wherein the at least one workflow comprises a set of pre-defined actions for resolving the one or more anomalies.
11. The method (300) as claimed in claim 1, wherein the trigger condition comprises one of a first trigger condition or a second trigger condition.
12. The method (300) as claimed in claim 9, wherein the trigger is generated based on the first trigger condition when a single anomaly is detected in the plurality of network data, and wherein the trigger is generated based on the second trigger condition when more than one anomaly is detected in the plurality of network data.
13. The method (300) as claimed in claim 4, wherein the correlation logic in the workflow creation request comprises:
a plurality of nodes, each node representing a type of a network data;
a set of relationships defining connections and logic between each of the plurality of nodes; and
a pre-defined trigger condition indicating when the first trigger condition or the second trigger condition activates.
14. A system (108) for managing anomalies in a network (106), the system
(108) comprising:
a memory (204); and
a processing engine (208) coupled to the memory (204), configured
to:

receive (302) a plurality of network data from the network (106) in real-time;
analyze (304), via an Artificial Intelligence (AI) model, the plurality of network data to detect one or more anomalies within the plurality of network data;
generate (306) a trigger corresponding to the one or more anomalies based on a trigger condition;
perform (308) a correlation analysis on the one or more anomalies to identify a relationship between each of the plurality of network data;
retrieve (310) at least one workflow corresponding to the one or more anomalies from a centralized database based on the correlation analysis, upon receiving the trigger;
executing (312) the at least one workflow based on the trigger generated corresponding to the one or more anomalies; and
providing (314) an output corresponding to the execution of the at least one workflow to a user.
15. The system (108) as claimed in claim 12, wherein the centralized database comprises a plurality of workflows corresponding to a plurality of user-defined use cases associated with the network (106).
16. The system (108) as claimed in claim 12, wherein each of the at least one workflow is executed concurrently.
17. The system (108) as claimed in claim 12, wherein the output comprises a notification indicating one of a successful execution or an unsuccessful execution corresponding to the at least one workflow.

18. The system (108) as claimed in claim 12, wherein the processing engine (208) is further configured to display, via a Graphical User Interface (GUI), the output to the user.
19. The system (108) as claimed in claim 13, wherein the processing engine (208) is further configured to:
receive a workflow creation request comprising a correlation logic corresponding to a workflow associated with a user-defined user case, from the user, wherein the workflow is created for the plurality of user-defined use cases;
validate the workflow creation request, wherein the validation is one of a successful validation or an unsuccessful validation;
generate the workflow for the user-defined user case based on the correlation logic, upon the successful validation; and
store the workflow in the centralized database.
20. The system (108) as claimed in claim 15, wherein the processing engine
(208) is further configured to:
upon the unsuccessful validation of the workflow creation request, generate a notification depicting a failure in validation of the workflow creation request for notifying the user; and
render, via the GUI, the notification to the user.
21. The system (108) as claimed in claim 12, wherein the plurality of network data includes at least one of an alarm data, an infra-metric data, a counter data, data records, logs, and a virtual probe data.
22. The system (108) as claimed in claim 12, wherein the one or more anomalies are detected based on an anomaly threshold defined by the user via the GUI.

23. The system (108) as claimed in claim 12, wherein the at least one workflow comprises a set of pre-defined actions for resolving the one or more anomalies.
24. The system (108) as claimed in claim 12, wherein the trigger condition comprises one of a first trigger condition or a second trigger condition.
25. The system (108) as claimed in claim 20, wherein the trigger is generated based on the first trigger condition when a single anomaly is detected in the plurality of network data, and wherein the trigger is generated based on the second trigger condition when more than one anomalies are detected in the plurality of network data.
26. The system (108) as claimed in claim 15, wherein the correlation logic in the workflow creation request comprises:
a plurality of nodes, each node representing a type of a network data;
a set of relationships defining connections and logic between each of the plurality of nodes; and
the trigger condition indicating when the first trigger condition or the second trigger condition activates.
27. A user equipment (UE) communicatively coupled with a network (106), the
coupling comprises steps of:
receiving, by the network (106), a connection request from the UE (104);
sending, by the network (106), an acknowledgment of the connection request to the UE (104); and
transmitting a plurality of signals in response to the connection request, wherein based on the connection request a plurality of workflows are created for managing anomalies in the network (106), and wherein, upon

creating the plurality of workflows, a system (108) is configured for managing the anomalies in the network (106) as claimed in claim 14.