DESC:
FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003

COMPLETE SPECIFICATION
(See section 10 and rule 13)
1. TITLE OF THE INVENTION
METHOD AND SYSTEM OF FORECASTING ONE OR MORE ANOMALIES IN A NETWORK
2. APPLICANT(S)
NAME NATIONALITY ADDRESS
JIO PLATFORMS LIMITED INDIAN OFFICE-101, SAFFRON, NR. CENTRE POINT, PANCHWATI 5 RASTA, AMBAWADI, AHMEDABAD 380006, GUJARAT, INDIA
3.PREAMBLE TO THE DESCRIPTION

THE FOLLOWING SPECIFICATION PARTICULARLY DESCRIBES THE NATURE OF THIS INVENTION AND THE MANNER IN WHICH IT IS TO BE PERFORMED.

FIELD OF THE INVENTION
[0001] The present invention relates generally to anomalies in the communication network, and in particular the present invention provides a system and method of forecasting one or more anomalies in a network.
BACKGROUND OF THE INVENTION
[0002] In communication networks, network monitoring is performed by monitoring all networking components in order to detect faults or anomaly. Anomaly detection is the identification of rare events, items, or observations which are suspicious because they differ significantly from standard behaviors or patterns.
[0003] Generally, the alarms may be set by the consumers in order to get notifications pertaining to anomaly detection. The alarm data generated by the network components may not be effectively leveraged to detect anomalies. Anomalies in the communication network performance were often detected reactively that may lead to potential service disruptions and longer downtime. Further, due to absence of predictive analysis makes it difficult to anticipate and address potential issues in advance. Further, the alarm data and performance metrics are often analyzed separately by the consumer that in turn leads to resulting in a fragmented overview of network health which becomes a time-consuming task in order to integrate and predict anomalies.
[0004] In view of the above, there is a dire need for an efficient system and method for detecting anomalies in a communication network, which ensures any future anomalies can be detected in a timely manner and resolved before the issues are caused.
SUMMARY OF THE INVENTION
[0005] One or more embodiments of the present disclosure provide a method and system of forecasting one or more anomalies in a network.
[0006] In another aspect of the present invention, the method of forecasting the one or more anomalies in the network is disclosed. The method includes the step of receiving data from one or more network components, the data is one of an alarm data, a probe data, or a performance metrics. The method further includes the step of training a machine learning model utilizing the received data to identify trends and patterns corresponding to the one or more anomalies within the received data. The method further includes the step of forecasting potential anomalies based on the identified trends and patterns. The method further includes the step of triggering one or more actions on forecasting of the potential anomalies.
[0007] In an embodiment, the received data is pre-processed and standardized.
[0008] In an embodiment, the on receiving the probe data, the method comprises the step of monitoring the probe data utilizing performance metrics corresponding to the network and counter data corresponding to a Network Management System (NMS).
[0009] In an embodiment, the one or more anomalies correspond to network performance issues or disruptions.
[0010] In an embodiment, the one or more actions comprises transmitting one or more alerts to initiating automatic remediation processes, such as allocation of additional resources.
[0011] In an embodiment, wherein the machine learning model is retrieved from a database, and wherein the machine learning model is trained utilizing historical data and machine learning data driven techniques.
[0012] In an embodiment, the method includes the step of receiving unseen data received from the one or more network components on a continuous basis to refine the forecasting of the potential anomalies.
[0013] In one aspect of the present invention, the system of forecasting the one or more anomalies in the network is disclosed. The system includes a receiving unit configured to receive, data from one or more network components, the data is one of an alarm data, a probe data, or a performance metrics. The system further includes a training unit configured to train, a machine learning model utilizing the received data to identify trends and patterns corresponding to the one or more anomalies within the received data. The system further includes a forecasting unit configured to forecast, potential anomalies based on the identified trends and patterns. The system further includes a triggering unit configured to trigger, one or more actions on forecasting of the potential anomalies.
[0014] In another aspect of the invention, a non-transitory computer-readable medium having stored thereon computer-readable instructions is disclosed. The computer-readable instructions are executed by a processor. The processor is configured to receive, alarm data from one or more network components. The processor is configured to train, a machine learning model utilizing the received data to identify trends and patterns corresponding to the one or more anomalies within the received data. The processor is configured to forecast, potential anomalies based on the identified trends and patterns. The processor is configured to trigger, one or more actions on forecasting of the potential anomalies.
[0015] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described in this summary and in the following detailed description are not all-inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art, in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.
BRIEF DESCRIPTION OF THE DRAWINGS
[0016] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0017] FIG. 1 is an exemplary block diagram of an environment of forecasting one or more anomalies in a network, according to one or more embodiments of the present invention;
[0018] FIG. 2 is an exemplary block diagram of a system for forecasting the one or more anomalies in the network, according to one or more embodiments of the present invention;
[0019] FIG. 3 is an exemplary block diagram of an architecture implemented in the system of the FIG. 2, according to one or more embodiments of the present invention;
[0020] FIG. 4 is a signal flow diagram of forecasting the one or more anomalies in the network, according to one or more embodiments of the present invention; and
[0021] FIG. 5 is a schematic representation of a method of forecasting the one or more anomalies in the network, according to one or more embodiments of the present invention.
[0022] The foregoing shall be more apparent from the following detailed description of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0023] Some embodiments of the present disclosure, illustrating all its features, will now be discussed in detail. It must also be noted that as used herein and in the appended claims, the singular forms "a", "an" and "the" include plural references unless the context clearly dictates otherwise.
[0024] Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure including the definitions listed here below are not intended to be limited to the embodiments illustrated but is to be accorded the widest scope consistent with the principles and features described herein.
[0025] A person of ordinary skill in the art will readily ascertain that the illustrated steps detailed in the figures and here below are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0026] FIG. 1 illustrates an exemplary block diagram of an environment 100 of forecasting one or more anomalies in a network 105, according to one or more embodiments of the present disclosure. In this regard, the environment 100 includes a User Equipment (UE) 110, a server 115, a network 105 and a system 120 communicably coupled to each other of forecasting the one or more anomalies in the network. In an embodiment, the one or more anomalies refer to unexpected or irregular behaviors in the network's operation. The one or more anomalies may signify various issues that may affect the network's performance, stability, or reliability. The one or more anomalies includes, but not limited to, performance degradation, increased latency, network failures, signal strength fluctuations, and increased call drops or packet loss. The one or more anomalies may arise from various sources, including, but not limited to, alarm data, performance metrics, and network monitoring probes. The purpose of forecasting the one or more anomalies is to identify and address potential network issues before they escalate. By analyzing trends with machine learning models, the system 120 predicts future anomalies, enabling operators to take preventive actions, improving network reliability, reducing downtime, and enhancing performance.
[0027] As per the illustrated embodiment and for the purpose of description and illustration, the UE 110 includes, but not limited to, a first UE 110a, a second UE 110b, and a third UE 110c, and should nowhere be construed as limiting the scope of the present disclosure. In alternate embodiments, the UE 110 may include a plurality of UEs as per the requirement. For ease of reference, each of the first UE 110a, the second UE 110b, and the third UE 110c, will hereinafter be collectively and individually referred to as the “User Equipment (UE) 110”.
[0028] In an embodiment, the UE 110 is one of, but not limited to, any electrical, electronic, electro-mechanical or an equipment and a combination of one or more of the above devices such as a smartphone, virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other computing device.
[0029] The environment 100 includes the server 115 accessible via the network 105. The server 115 may include, by way of example but not limitation, one or more of a standalone server, a server blade, a server rack, a bank of servers, a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, some combination thereof. In an embodiment, the entity may include, but is not limited to, a vendor, a network operator, a company, an organization, a university, a lab facility, a business enterprise side, a defense facility side, or any other facility that provides service.
[0030] The network 105 includes, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, or some combination thereof. The network 105 may include, but is not limited to, a Third Generation (3G), a Fourth Generation (4G), a Fifth Generation (5G), a Sixth Generation (6G), a New Radio (NR), a Narrow Band Internet of Things (NB-IoT), an Open Radio Access Network (O-RAN), and the like.
[0031] The network 105 may also include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth. The network 105 may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, a VOIP or some combination thereof.
[0032] The environment 100 further includes the system 120 communicably coupled to the server 115 and the UE 110 via the network 105. The system 120 is configured to forecast the one or more anomalies in the network 105. As per one or more embodiments, the system 120 is adapted to be embedded within the server 115 or embedded as an individual entity.
[0033] Operational and construction features of the system 120 will be explained in detail with respect to the following figures.
[0034] FIG. 2 is an exemplary block diagram of the system 120 for forecasting the one or more anomalies in the network 105, according to one or more embodiments of the present invention.
[0035] As per the illustrated embodiment, the system 120 includes one or more processors 205, a memory 210, a user interface 215, and a database 220. For the purpose of description and explanation, the description will be explained with respect to one processor 205 and should nowhere be construed as limiting the scope of the present disclosure. In alternate embodiments, the system 120 may include more than one processor 205 as per the requirement of the network 105. The one or more processors 205, hereinafter referred to as the processor 205 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions.
[0036] As per the illustrated embodiment, the processor 205 is configured to fetch and execute computer-readable instructions stored in the memory 210. The memory 210 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory 210 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as disk memory, EPROMs, FLASH memory, unalterable memory, and the like.
[0037] In an embodiment, the user interface 215 includes a variety of interfaces, for example, interfaces for a graphical user interface, a web user interface, a Command Line Interface (CLI), and the like. The user interface 215 facilitates communication of the system 120. In one embodiment, the user interface 215 provides a communication pathway for one or more components of the system 120. Examples of such components include, but are not limited to, the UE 110 and the database 220.
[0038] The database 220 is one of, but not limited to, a centralized database, a cloud-based database, a commercial database, an open-source database, a distributed database, an end-user database, a graphical database, a No-Structured Query Language (NoSQL) database, an object-oriented database, a personal database, an in-memory database, a document-based database, a time series database, a wide column database, a key value database, a search database, a cache databases, and so forth. The foregoing examples of database 220 types are non-limiting and may not be mutually exclusive e.g., a database can be both commercial and cloud-based, or both relational and open-source, etc.
[0039] In order for the system 120 of forecasting the one or more anomalies in the network, the processor 205 includes one or more modules/units. In one embodiment, the one or more modules/units includes, but not limited to, a receiving unit 225, a training unit 230, a forecasting unit 235, and a triggering unit 240 communicably coupled to each other to forecast the one or more anomalies in the network 105.
[0040] In one embodiment, the one or more modules/units may be used in combination or interchangeably for forecasting the one or more anomalies in the network 105.
[0041] The receiving unit 225, the training unit 230, the forecasting unit 235, and the triggering unit 240, in an embodiment, may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 205. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor 205 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processor may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory 210 may store instructions that, when executed by the processing resource, implement the processor. In such examples, the system 120 may comprise the memory 210 storing the instructions and the processing resource to execute the instructions, or the memory 210 may be separate but accessible to the system 120 and the processing resource. In other examples, the processor 205 may be implemented by electronic circuitry.
[0042] In an embodiment, the receiving unit 225 is configured to receive data from one or more network 105 components. The data is one of an alarm data, a probe data, or a performance metrics. The alarm data refers to notifications or alerts generated by the one or more network components when specific conditions or thresholds are met. The alarm data alerts indicate potential issues or one or more anomalies within the network105. The potential issues may include, but not limited to, high CPU usage, which may indicate an overload of the one or more network component, or excessive packet loss, suggesting network congestion or faulty hardware. The one or more anomalies may involve unusual spikes in traffic that deviate from normal patterns. The one or more anomalies are indicating the possible security breach or a Distributed Denial of Service (DDoS) attack. The probe data refers to information collected by the one or more network component that eliminate the need for intrusive interface tapping and probing by service providers. The probe data is gathered through domain monitoring probes that perform various functions, including, but not limited to, network metadata extraction, Deep Packet Inspection (DPI), and flow monitoring. The performance data refers to operational metrics such as, but not limited to, CPU usage, memory utilization, bandwidth, latency, jitter, packet loss, and throughput. The performance data helps in assessing the health and performance of the one or more network 105 components, enabling proactive optimization and troubleshooting.
[0043] In an embodiment, the network metadata extraction process involves collecting and analyzing data about network traffic patterns, protocols, and usage without examining the content of the data packets themselves. The DPI is the technique that inspects the data payload of packets as they pass through the network 105, enabling the identification of applications, users, and protocols for enhanced security and performance management. The flow monitoring method tracks and analyzes the flow of data packets across the network 105 to provide insights into bandwidth usage, application performance, and potential network issues
[0044] The probe data techniques allow for the comprehensive analysis of network traffic and behavior. Additionally, the generation of proprietary User Datagram Protocol (UDP), Extended Data Records (XDRs) enhances the ability to track and manage network performance. By utilizing probe data effectively, service providers may gain valuable insights into the network's operational state and enabling proactive measures to optimize performance and identify anomalies.
[0045] In an embodiment, the UDP is the communication protocol used for transmitting data across the network 105 in a connectionless manner, allowing for faster data transfer but without guaranteed delivery or error. The XDRs is the format for packaging and transporting data, typically used to extend the capabilities of standard data records. The XDRs allowing for additional information to be included and processed efficiently in network management and monitoring.
[0046] The one or more network components are elements within the network 105 that generate alarm data due to certain conditions. The certain conditions that generate alarm data from the one or more network components may include, but not limited to, network congestion, increased latency, hardware failures, and packet loss. The certain conditions trigger alarms, which are then pre-processed and standardized for further analysis by the machine learning model in the system 120. The received alarm data is pre-processed and standardized. The pre-processing ensures that the data is cleaned, organized, and made ready for further analysis. The standardization refers to transforming the data into a uniform format, ensuring that the data from different sources or the one or more network components may be compared and analyzed together effectively. The standardization step helps to eliminate discrepancies, such as, but not limited to, inconsistent formats, missing values, or outliers in the data, ensuring that a machine learning model may analyze the standardized data accurately.
[0047] In an embodiment, on receiving the probe data, the system 120 comprises the step of monitoring the probe data utilizing performance metrics corresponding to the network and counter data corresponding to a Network Management System (NMS) 310 (as shown in FIG. 3). The counter data refers to specific measurements collected by the NMS 310, such as, but not limited to, the number of packets processed, the number of active connections, or resource utilization levels. By receiving probe data and continuously monitoring the probe data through the lens of performance metrics and the NMS 310 counter data, the system 120 may effectively identify anomalies, optimize network performance, and facilitate timely interventions to maintain the overall health of the network 105. The integrated monitoring approach enhances the ability to respond to potential issues proactively, ensuring better network reliability and user experience.
[0048] In an embodiment, the system 120 enhances network management by addressing critical components across core, infrastructure, and utility domains. The system 120 monitors the core network, including, but not limited to, routers and switches, to detect and address anomalies using an Artificial Intelligence/Machine Learning (AI/ML) models for optimal performance. The infrastructure monitoring covers physical and virtual resources, such as, but not limited to, servers and data centers, ensuring continuous oversight to prevent disruptions and identify inefficiencies through performance metrics and probe data. Additionally, the system 120 analyzes alarm data and performance metrics for utility services like cloud access and enterprise applications, enabling service providers to optimize resource allocation and enhance service quality, ensuring operational efficiency and customer satisfaction.
[0049] Additionally, the receiving unit 225 is further configured to receive, unseen data from the one or more network components on a continuous basis to refine the forecasting of potential anomalies based on the updated data inputs. The unseen data refers to the fresh, real-time data continuously received from the one or more network components. The unseen data may include, but not limited to, new alarm signals, performance metrics, or operational data that were not previously available or processed by the system 120. By continuously receiving unseen data, the system 120 may refine and update its forecasting of potential anomalies. The updated data inputs of unseen data allow the system 120 to adapt to real-time changes in the network 105, thereby improving the accuracy of anomaly detection and enabling the system 120 to predict future network issues more effectively based on the updated data inputs.
[0050] Thereafter, the training unit 230 is configured to train a machine learning model utilizing the received data to identify trends and patterns corresponding to the one or more anomalies within the received data. The one or more anomalies correspond to network performance issues or disruptions. The network performance corresponds to network performance issues or disruptions arise when the network's ability to deliver data efficiently is compromised, leading to degraded service quality. The network performance issues can manifest in several ways, latency, packet loss, bandwidth limitations, and hardware failures. By utilizing the AI/ML models to analyze data from the alarm data and the probe data, the one or more anomalies enables proactive identification and management of the one or more anomalies. Continuous monitoring of network performance metrics and counter data from the NMS 310 allows for the timely detection of potential disruptions. The holistic approach enhances the ability to respond immediately to the one or more anomalies, ensuring optimal network health, improved reliability, and the better user experience. Thereby training the machine learning model aids in discovering underlying trends and patterns within the alarm data. The trends might refer to general movements or directions in the data over time, while the patterns could indicates the specific recurring behaviors or characteristics that are associated with the one or more anomalies.
[0051] In an embodiment, the machine learning model is retrieved from the database 220, and the machine learning model is trained utilizing historical data and machine learning data driven techniques. The data-driven techniques refer to various methodologies and algorithms used to analyze data and make predictions based on patterns identified within the data. The data-driven techniques includes, but not limited to, supervised learning, anomaly detection algorithms, and deep learning techniques. The supervised learning trains the model on labeled datasets to predict network traffic patterns based on the historical data, while the anomaly detection identifies unusual spikes in the data usage that may indicate security breaches or the network malfunctions. The deep learning utilizes multi-layer neural networks to analyze complex data, such as image recognition in drone inspections of network infrastructure or natural language processing for user feedback on network performance.
[0052] In an embodiment, the machine learning model may leverage algorithms designed specifically for time-series forecasting, clustering, and classification tasks related to network performance and anomaly detection. The time-series forecasting algorithms, such as, but not limited to, Auto Regressive Integrated Moving Average (ARIMA) or Long Short-Term Memory (LSTM) networks, may predict future network traffic based on the historical patterns. The clustering algorithms help segment user behaviors, while classification algorithms, such as, but not limited to, decision trees, classify network events as normal or anomalous. Furthermore, the machine learning model may be fine-tuned using techniques such as hyperparameter optimization to enhance the accuracy of predictions over time. On training of the machine learning model, the received data is stored in the database 220. The trained model may also undergo continuous updates, adapting to real-time changes in network behavior by incorporating unseen data, thus making the trained model more robust and adaptable to dynamic network environments. By storing the data in the database 220, the system 120 ensures that all relevant data used in the training process is accessible for future analysis or retraining. Storing the data helps maintain the record of the data inputs that contributed to the model's training, allowing for traceability and validation of the model’s performance.
[0053] Thereafter, the forecasting unit 235 configured to forecast, potential anomalies based on the identified trends and patterns. The forecasting unit 235 plays a crucial role in proactive network management by enabling the system 120 to anticipate and address potential issues before they lead to significant problems. The system 120 utilizes the combination of historical data, real-time input data, and the trends and patterns identified by the machine learning model to predict potential anomalies that may occur in the near future. The machine learning model identifies trends and patterns from the alarm data and other network-related information during its training phase, which form the foundation for the predictions. By forecasting the potential anomalies, the system 120 may detect network behaviors or patterns that deviate from normal performance, indicating future problems. The examples of potential anomalies include, but not limited to, sudden spikes in data usage, which may indicate a Distributed Denial of Service (DDoS) attack, the significant drop in signal strength in specific areas, suggesting possible hardware malfunctions, the unexpected latency in data transmission, which may affect user experience, and the unusual patterns of user behavior, such as, but not limited to, single device consuming the unusually high amount of bandwidth, indicating possible security breaches or misuse.
[0054] Upon forecasting potential anomalies based on the identified trends and patterns, the triggering unit 240 is configured to trigger one or more actions on forecasting of the potential anomalies. The one or more actions taken upon forecasting potential anomalies may include, but not limited to, sending alerts to notify network operators about forecasted anomalies, initiating automatic remediation by reallocating resources or adjusting network configurations, implementing load balancing to distribute traffic, proactively allocating additional resources to prevent degradation, and dynamically reconfiguring services by rerouting traffic or modifying Quality of Service (QoS) settings to maintain network performance. the one or more anomalies correspond to network performance issues or disruptions.
[0055] In an embodiment, the one or more actions comprises transmitting one or more alerts to or initiating automatic remediation processes, such as allocation of additional resources. The automatic remediation processes refer to predefined actions or protocols that the system 120 initiates automatically in response to detected the one or more anomalies or performance issues in the network 105. The automatic remediation processes aim to mitigate or resolve potential problems without requiring manual intervention from network operators. The allocation of additional resources refers to the process of provisioning and distributing extra computational or the network resources to address increased demand or resolve identified issues within the network 105. Further, the potential anomaly is forecasted by the system 120, the system 120 may generate and send alerts to the service operator or network administrator. The one or more alerts notify the operator about potential issues in the network 105, such as, but not limited to, performance degradation, increased latency, or hardware failures, allowing the service operator or network administrator to respond before the issue becomes critical. The types of the one or more alerts may include, but not limited to, real-time notifications via email or Short Message Service (SMS), dashboard alerts on network management interfaces, automated system logs detailing the anomaly, and escalation alerts for critical issues that require immediate attention.
[0056] FIG. 3 is an exemplary block diagram of an architecture 300 of the system 120 of forecasting the one or more anomalies in the network 105, according to one or more embodiments of the present invention.
[0057] The architecture 300 includes the user interface 215, an alarm sources 305, a Network Management System (NMS) 310, a processing hub 315, a data preprocessor 320, an algorithm execution 325, a workflow manager 330, and the database 220.
[0058] In the architecture 300, the one or more network components are represented as alarm source 1 305, alarm source 2 305, and continuing up to alarm source n 305. The alarm sources 305 are responsible for generating alarms and counters related to network performance, operational issues, or other relevant metrics. The alarm sources 305 collect data from various network elements and trigger alerts based on predefined thresholds or anomalies. The alarm sources 305 act as the primary data sources feeding information into the NMS 310 for further processing and analysis.
[0059] The NMS 310 collects and aggregates alarm and counter data from the alarm sources. The NMS 310 processes the data to provide insights into the network performance and health. The NMS 310 serves as the centralized platform that consolidates data from multiple alarm sources, enabling efficient monitoring and management of the network 105. The NMS 310 preprocesses the data before sending it to the processing hub 315 for advanced analytics.
[0060] The processing hub 315 is an Artificial Intelligence/Machine Learning (AI/ML) platform designed to perform various algorithms, including anomaly detection and predictive analytics. The processing hub 315 analyzes the preprocessed data 320 and generates insights related to network performance and potential anomalies. The processing hub 315 serves as the core intelligence engine of the invention, applying machine learning techniques to derive meaningful patterns, detect anomalies, and improve network management through continuous learning. The processing hub 315 includes two main components, which is the data preprocessing and the algorithm execution 325.
[0061] The data preprocessing cleans, normalizes, and prepares the incoming data for analysis. The data preprocessing removes redundant or irrelevant data, handles missing values, and ensures the data is in the consistent format for the algorithms to operate effectively. The data preprocessing enhances the quality of the data fed into the processing hub 315 by transforming raw alarm and counter data into the structured format suitable for machine learning algorithms.
[0062] The algorithm execution 325 sub-component of the processer 315 focuses on executing specific algorithms for anomaly detection, predictive analytics, and continuous improvement. The anomaly detection Identifying unusual patterns or behaviors in the network data that may indicate a potential issue. The predictive analytics forecasting the future network conditions based on the historical data and trends. The continuous improvement utilizing feedback from outcomes to refine and enhance the models and algorithms continuously. The algorithm execution 325 ensures that the data analysis is not only reactive but also proactive, enabling preemptive actions to maintain network performance.
[0063] The database 220 serves as the centralized repository for storing processed data, algorithm outputs, and other relevant information generated by the processing hub 315. The database 220 enables scalable storage of large volumes of data and supports advanced analytics by allowing data scientists and engineers to access historical data for training and refining machine learning models.
[0064] The workflow manager 330 manages the processes and tasks related to analysis, alerting, and response mechanisms. The workflow manager 330 coordinates activities, ensures smooth execution of data analysis tasks, and integrates various processes within the architecture 300 for effective network management. The workflow manager 330 interacts with the database 220 by accessing and storing relevant data needed for the various processes overseas. The workflow manager 330 retrieves data from the database 220 to inform decision-making and execute tasks, such as, but not limited to, generating alerts or initiating actions based on specific conditions. Additionally, the workflow manager 330 may log the outcomes of its processes and actions in the database 220, allowing for the historical record that may be used for future reference, performance analysis, and continuous improvement.
[0065] The user interface 215 provides the means for the network operators and administrators to interact with the coordination. The user interface 215 displays alerts, reports, and analytics generated by the processing hub 315 and facilitates user-driven actions. The user interface 215 acts as the front end of the procedure, enabling operators to monitor network status, respond to alerts, and manage the network based on insights derived from the analytics.
[0066] FIG. 4 is a flowchart diagram of forecasting the one or more anomalies in the network 105, according to one or more embodiments of the present invention.
[0067] At step 405, the step initiates the entire data processing and analysis workflow, where the flow begins receiving and processing alarm data from the NMS interface to detect and predict network anomalies.
[0068] At step 410, the NMS alarm data interface is responsible for interfacing with the NMS 310 to collect alarm data. The NMS alarm data interface related to data collection and integration, ensuring that relevant data is gathered for further analysis.
[0069] At step 415, the alarm data received from the NMS 310 is integrated into the cohesive format, combining multiple data sources as necessary. The step data integration ensures that the data is structured and ready for the preprocessing. The preprocessing is essential for maintaining data quality and consistency.
[0070] At step 420, upon data integrating, the data preprocessing involves cleaning and normalizing the data to eliminate redundancy and irrelevant information. The data preprocessing ensuring that it suitable for algorithm execution. The data preprocessing techniques may include removing Not a Number (NaN) values and standardizing data formats.
[0071] At step 425, upon preprocessing the data, the algorithm execution 325 integrated and preprocessed data is then analyzed using various algorithms. The algorithm execution 325 step includes, anomaly detection, predictive analytics, and continuous improvement. The anomaly detection identifies irregular patterns in the data, the predictive analytics forecasts future network trends using historical data, and the continuous improvement refines algorithms for enhanced accuracy, all of which align with the regarding AI/ML functionality in the invention.
[0072] At step 430, upon integrating and preprocessing the data is analyzed using various algorithms, the results of the algorithm execution, including detected anomalies and predictions, are stored in the database 220. The database 220 serves as the distributed storage solution that retains processed data and algorithm outputs, facilitating future access and analysis.
At the step 435, Finally, the insights derived from the data analysis are reported to the user. The step involves presenting alerts, reports, and analytics in the user-friendly format, enabling network operators and administrators to make informed decisions. The reporting to the user functionality emphasizes the invention's focus on user engagement and operational efficiency.
[0073] FIG. 5 is a flow diagram of a method 500 of forecasting the one or more anomalies in the network 105, according to one or more embodiments of the present invention. For the purpose of description, the method 500 is described with the embodiments as illustrated in FIG. 2 and should nowhere be construed as limiting the scope of the present disclosure.
[0074] At step 505, the method 500 includes the step of receiving the data from the one or more network components, the data is one of the alarm data, the probe data, or the performance metrics. The received alarm data is pre-processed and standardized. Further the method 500 includes the step of receiving unseen data received from the one or more network components on the continuous basis to refine the forecasting of the potential anomalies. On receiving the probe data, the method 500 further comprises the step of monitoring the probe data utilizing performance metrics corresponding to the network 105 and counter data corresponding to the NMS 310.
[0075] At step 510, the method 500 includes the step of training a machine learning model utilizing the received data to identify trends and patterns corresponding to the one or more anomalies within the received data. The machine learning model is retrieved from the database 220, and the machine learning model is trained utilizing historical data and the machine learning data driven techniques. On training of the machine learning model, the received data is stored in the database 220.
[0076] At step 515, the method 500 includes the step of forecasting potential anomalies based on the identified trends and patterns. The one or more anomalies correspond to network performance issues or disruptions.
[0077] At step 520, the method 500 includes the step of triggering one or more actions on forecasting of the potential anomalies. The the one or more actions includes transmitting the one or more alerts to the service operator or initiating automatic remediation processes, such as allocation of additional resources.
[0078] The present invention further discloses a non-transitory computer-readable medium having stored thereon computer-readable instructions. The computer-readable instructions are executed by the processor 205. The processor 205 is configured to receive the alarm data from the one or more network 105 components. The processor 205 is further configured to train the machine learning model utilizing the received data to identify trends and patterns corresponding to the one or more anomalies within the received data. The processor 205 is further configured to forecast potential anomalies based on the identified trends and patterns. The processor 205 is further configured to trigger the one or more actions on forecasting of the potential anomalies.
[0079] A person of ordinary skill in the art will readily ascertain that the illustrated embodiments and steps in description and drawings (FIG.1-5) are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0080] The present disclosure includes technical advancements that enhance network management by leveraging AI/ML for real-time anomaly detection and predictive analytics, forecasting network performance trends to optimize resources and prevent issues. The invention features automated continuous improvement, refining its algorithms based on insights from previous analysis. With advanced data integration and pre-processing, the invention ensures high-quality inputs, leading to more accurate predictions. Additionally, the user-friendly interface enables seamless interaction, allowing operators to monitor and manage network operations efficiently based on real-time insights.
[0081] The present invention offers multiple advantages includes improved network reliability through real-time anomaly detection, allowing proactive issue resolution before disruptions occur. The predictive analytics enhance operational efficiency by forecasting potential network issues and optimizing resource allocation. The invention’s continuous learning capabilities improve accuracy over time, refining predictions and responses. The invention of seamless integration of data sources ensures comprehensive analysis, while the user-friendly interface simplifies monitoring and management for network operators, enabling quicker responses and better-informed decisions.
[0082] The present invention offers multiple advantages over the prior art and the above listed are a few examples to emphasize on some of the advantageous features. The listed advantages are to be read in a non-limiting manner.
REFERENCE NUMERALS

[0083] Environment- 100
[0084] User Equipment (UE) - 110
[0085] Server - 115
[0086] Network - 105
[0087] System -120
[0088] Processor - 205
[0089] Memory - 210
[0090] User interface - 215
[0091] Database - 220
[0092] Receiving unit - 225
[0093] Training unit - 230
[0094] Forecasting unit - 235
[0095] Triggering unit – 240
[0096] Alarm source - 305
[0097] Network Management System (NMS) - 310
[0098] Processing hub - 315
[0099] Data pre-processor - 320
[00100] Algorithm execution - 325
[00101] Workflow manager - 330

,CLAIMS:CLAIMS
We Claim:
1. A method (500) of forecasting one or more anomalies in a network (105), the method (500) comprising the steps of:
receiving, by one or more processors (205), data from one or more network components, wherein the data is one of an alarm data and a probe data or performance metrics;
training, by the one or more processors (205), a machine learning model utilizing the received data to identify trends and patterns corresponding to the one or more anomalies within the received data;
forecasting, by the one or more processors (205), potential anomalies based on the identified trends and patterns; and
triggering, by the one or more processors (205), one or more actions on forecasting of the potential anomalies.

2. The method (500) as claimed in claim 1, wherein the received data is pre-processed and standardized.

3. The method (500) as claimed in claim 1, wherein on receiving the probe data, the method further comprises the step of monitoring, by the one or more processors (205), the probe data utilizing performance metrics corresponding to the network and counter data corresponding to a Network Management System (NMS) (310).

4. The method (500) as claimed in claim 1, wherein the one or more anomalies correspond to network performance issues or disruptions.

5. The method (500) as claimed in claim 1, wherein the one or more actions comprises transmitting one or more alerts to or initiating automatic remediation processes, such as allocation of additional resources.

6. The method (500) as claimed in claim 1, wherein the machine learning model is retrieved from a database (220), and wherein the machine learning model is trained utilizing historical data and machine learning data driven techniques.

7. The method (500) as claimed in claim 1, wherein the method (500) comprises the step of
receiving, by the one or more processors (205), unseen data received from the one or more network components on a continuous basis to refine the forecasting of the potential anomalies.

8. A system (120) for forecasting one or more anomalies in a network (105), the system (120) comprising the steps of:
a receiving unit (225) configured to receive, data from one or more network components, wherein the data is one of an alarm data, a probe data, or a performance metrics;
a training unit (230) configured to train, a machine learning model utilizing the received data to identify trends and patterns corresponding to the one or more anomalies within the received data;
a forecasting unit (235) configured to forecast, potential anomalies based on the identified trends and patterns; and
a triggering unit (240) configured to trigger, one or more actions on forecasting of the potential anomalies.

9. The system (120) as claimed in claim 8, wherein the received data is pre-processed and standardized.

10. The system (120) as claimed in claim 8, wherein on receiving the probe data, the system further comprises the step of monitoring the probe data utilizing performance metrics corresponding to the network and counter data corresponding to a Network Management System (NMS) (310).

11. The system (120) as claimed in claim 8, wherein the one or more anomalies correspond to network performance issues or disruptions.

12. The system (120) as claimed in claim 8, wherein the one or more actions comprises transmitting one or more alerts or initiating automatic remediation processes, such as allocation of additional resources.

13. The system (120) as claimed in claim 8, wherein the machine learning model is retrieved from a database, and wherein the machine learning model is trained utilizing historical data and machine learning data driven techniques.

14. The system (120) as claimed in claim 8, wherein the receiving unit (225) is configured to receive, unseen data received from the one or more network components on a continuous basis to refine the forecasting of the potential anomalies.