EP4655926A1 - Détection et isolement d'anomalies dans des réseaux de communication multidomaine sur la base de motifs fréquents - Google Patents

Détection et isolement d'anomalies dans des réseaux de communication multidomaine sur la base de motifs fréquents

Info

Publication number
EP4655926A1
EP4655926A1 EP24701746.0A EP24701746A EP4655926A1 EP 4655926 A1 EP4655926 A1 EP 4655926A1 EP 24701746 A EP24701746 A EP 24701746A EP 4655926 A1 EP4655926 A1 EP 4655926A1
Authority
EP
European Patent Office
Prior art keywords
network
fault
data values
pattern
patterns
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP24701746.0A
Other languages
German (de)
English (en)
Inventor
Attila MITCSENKOV
Ádám ZLATNICZKI
Róbert VASAS
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB filed Critical Telefonaktiebolaget LM Ericsson AB
Publication of EP4655926A1 publication Critical patent/EP4655926A1/fr
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0681Configuration of triggering conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0686Additional information in the notification, e.g. enhancement of specific meta-data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications

Definitions

  • the present disclosure relates generally to communication networks and more specifically to techniques for detecting operational anomalies (e.g., failures, faults, etc.) that manifest themselves as frequent patterns observed across multiple domains of a communication network.
  • operational anomalies e.g., failures, faults, etc.
  • the fifth generation (5G) of cellular systems also referred to as New Radio (NR) was initially standardized 3GPP Rel-15 and continues to evolve in subsequent releases.
  • NR is developed for maximum flexibility to support a variety of different use cases including enhanced mobile broadband (eMBB), machine type communications (MTC), ultra-reliable low latency communications (URLLC), side-link device-to-device (D2D), and several other use cases.
  • eMBB enhanced mobile broadband
  • MTC machine type communications
  • URLLC ultra-reliable low latency communications
  • D2D side-link device-to-device
  • 5G/NR technology shares many similarities with fourth-generation LTE.
  • the 5G System consists of an Access Network (AN) and a Core Network (CN).
  • the AN provides UEs connectivity to the CN, e.g., via base stations such as gNBs or ng-eNBs.
  • the CN includes a variety of Network Functions (NF) that provide a range of different functionalities such as session management, connection management, charging, authentication, etc.
  • NF Network Functions
  • a time series is a sequence of data or information values, each of which has an associated time instance (e.g., when the data or information value was generated and/or collected).
  • the data or information can be anything measurable that depends on time in some way, such as prices, humidity, or number of people.
  • frequency is how often the data values of the data set are recorded. Frequency is also inversely related to the period (or duration) between successive data values.
  • Time series analysis includes techniques that attempt to understand or contextualize time series data, such as to make forecasts or predictions of future data (or events) using a model built from past time series data.
  • the time series consists of data values measured and/or recorded with a constant frequency or period.
  • Time series datasets can be collected from geographic locations, such as from nodes of a communication network located in one or more geographic areas (e.g., countries, regions, provinces, cities, etc.). For example, values of performance measurement (PM) counters can be collected from the various network nodes at certain time intervals. Time series data collected in this manner can be used to analyze, predict, and/or understand user behavior patterns as well as network performance trends.
  • PM performance measurement
  • multi-domain communication networks are distributed such that a failure in one part of the network may also affect other parts, causing all affected parts to generate alarms or other fault indicators.
  • a fault at one level of network hierarchy e.g., cell
  • may also cause faults at other levels e.g., node serving the cell.
  • the complexity of multi-domain communication networks requires monitoring at a relatively high level of granularity, such as pre-defined groups or aggregations of data sessions, users, cells, network elements, etc. or combinations thereof.
  • this approach makes it more difficult to detect faults affecting smaller subsets of these groups or aggregations (e.g., single data session or cell) or affecting different groups, aggregations, or combinations that are not selected for monitoring.
  • An object of embodiments of the present disclosure is to address these and other problems, issues, and/or difficulties by techniques that detect and isolate communication network operational anomalies based on correlated data sources (“fault markers”) from various network domains, and corresponding network analytics systems that perform such techniques.
  • Some embodiments include methods e.g., procedures) for detecting operational anomalies in a multi-domain communication network. Such methods can be performed, for example, by a network analytics system.
  • These exemplary methods include obtaining a plurality of fault markers associated with respective faults that occurred in the communication network. Each fault marker includes a plurality of data values collected from the multiple domains of the communication network. These exemplary methods can also include identifying a plurality of patterns of data values that occur in the fault markers with respective occurrence frequencies that are at least a threshold frequency. These exemplary methods also include, for each of the identified patterns, determining respective proportions in which the identified pattern appears in the other identified patterns. These exemplary methods also include determining one or more anomaly candidates among the identified patterns, based on the occurrence frequency and the determined proportions for each identified pattern. These exemplary method also include detecting one or more operational anomalies in the communication network based on correspondence between the occurrence frequency of each anomaly candidate and the following:
  • identifying the plurality of patterns of data values that occur in the fault markers with respective occurrence frequencies that are at least a threshold frequency comprises determining occurrence frequencies of each pattern of data values that appears in the fault markers and comparing each determined occurrence frequency to the threshold frequency.
  • determining one or more anomaly candidates among the identified patterns based on the occurrence frequencies and the determined proportions for each identified pattern includes the following operations:
  • determining a number of occurrences for each identified pattern based on the occurrence frequency and respective proportions for the pattern includes solving a set of linear equations in which the proportions are coefficients for the numbers of occurrences of the respective patterns, which are unknowns.
  • each fault marker includes a plurality of different data elements collected from the multiple domains of the communication network, with each data element containing one of the data values.
  • the neighbors to each pattern of data values associated with an anomaly candidate include all fault markers having the same plurality of data elements with only one of the data values being different than the anomaly candidate.
  • each detected operational anomaly is an anomaly candidate whose occurrence frequency deviated by more than a threshold from one or more of the following: the historical occurrence frequency of the pattern of data values associated with the anomaly candidate, and occurrence frequencies of neighbors to the pattern of data values associated with the anomaly candidate.
  • network analytics systems e.g., NWDAFs, SMO nodes, NM nodes, cloud systems, etc.
  • Other embodiments include non-transitory, computer- readable media storing program instructions that, when executed by processing circuitry, configure such network analytics systems to perform operations corresponding to any of the exemplary methods described herein.
  • embodiments described herein can provide a wide range of possibilities to investigate various known network failures as well as fast, automatic detection of yet unknown network failures.
  • embodiments can capture novel operational anomalies while they are still developing, minimizing their impact on user experience and network performance.
  • embodiments can distinguish between the origin (“root cause”) of a network failure and other reported issues that are merely “side effects” also resulting from the root cause, based on occurrence frequencies of various patterns.
  • root cause the origin
  • embodiments can identify more latent failures and interworking issues that are often missed by conventional techniques. Even so, embodiments can avoid being over-inclusive when identifying possible operational anomalies, such that limited human engineering resources can be used to investigate the most relevant possibilities.
  • Figure 1 is a high-level block diagram of an exemplary 5G/NR network architecture.
  • Figure 2 shows an exemplary 5G reference architecture with service-based interfaces and various 3GPP-defined NFs.
  • Figure 3 shows an exemplary multi-domain network comprising a RAN, a packet-based core network (CN), and an IP Multimedia Subsystem (IMS).
  • CN packet-based core network
  • IMS IP Multimedia Subsystem
  • Figure 4 shows a functional diagram of a network analytics system according to some embodiments of the present disclosure.
  • FIG 5 illustrates operation of the network analytics system shown in Figure 4 using example data.
  • FIG 6 shows a high-level diagram of an Open RAN (O-RAN) architecture.
  • Figures 7-8 show two implementation options for integrating embodiments of the present disclosure with an O-RAN architecture.
  • Figure 9 shows an exemplary method (e.g., procedure) for detecting operational anomalies in a multi-domain communication network, according to various embodiments of the present disclosure.
  • Figure 10 shows a communication system according to various embodiments of the present disclosure.
  • Figure 11 shows a network node according to various embodiments of the present disclosure.
  • Figure 12 shows host computing system according to various embodiments of the present disclosure.
  • Figure 13 is a block diagram of a virtualization environment in which functions implemented by some embodiments of the present disclosure may be virtualized.
  • FIG. 1 illustrates a high-level view of an exemplary 5G network architecture, consisting of a Next Generation Radio Access Network (NG-RAN, 199) and a 5G Core (5GC, 198).
  • the NG-RAN can include one or more gNodeB’s (gNBs) connected to the 5GC via one or more NG interfaces, such as gNBs (100, 150) connected via respective interfaces (102, 152).
  • gNBs Next Generation Radio Access Network
  • gNBs gNodeB’s
  • gNBs gNodeB
  • the gNBs can be connected to one or more Access and Mobility Management Functions (AMFs) in the 5GC via respective NG-C interfaces and to one or more User Plane Functions (UPFs) in 5GC via respective NG-U interfaces.
  • AMFs Access and Mobility Management Functions
  • UPFs User Plane Functions
  • the 5GC can include various other network functions (NFs), such as Session Management Function(s) (SMF).
  • NFs Session Management Function(s)
  • each of the gNBs can support frequency division duplexing (FDD), time division duplexing (TDD), or a combination thereof.
  • FDD frequency division duplexing
  • TDD time division duplexing
  • Each of the gNBs can serve a geographic coverage area including one or more cells and, in some cases, can also use various directional beams to provide coverage in the respective cells.
  • a DL “beam” is a coverage area of a network-transmitted reference signal (RS) that may be measured or monitored by a UE.
  • RS network-transmitted reference signal
  • NG RAN logical nodes may include a Central Unit (CU or gNB-CU, e.g., 110) and one or more Distributed Units (DU or gNB-DU, e.g., 120, 130).
  • CUs are logical nodes that host higher-layer protocols and perform various gNB functions such controlling the operation of DUs.
  • DUs are decentralized logical nodes that host lower layer protocols and can include, depending on the functional split option, various subsets of the gNB functions.
  • Each CU and DU can include various circuitry needed to perform their respective functions, including processing circuitry, communication interface circuitry e.g., transceivers), and power supply circuitry.
  • a gNB-CU connects to one or more gNB-DUs over respective Fl logical interfaces (e.g., 122 and 132 shown in Figure 1).
  • a gNB-DU can be connected to only a single gNB- CU.
  • the gNB-CU and its connected gNB-DU(s) are only visible to other gNBs and the 5GC as a gNB. In other words, the Fl interface is not visible beyond gNB-CU.
  • 5G networks e.g., in 5GC
  • SB A Service Based Architecture
  • NFs Network Functions
  • HTTP/REST Hyper Text Transfer Protocol/Representational State Transfer
  • APIs application programming interfaces
  • the various services are self-contained functionalities that can be changed and modified in an isolated manner without affecting other services.
  • the services are composed of various “service operations”, which are more granular divisions of the overall service functionality.
  • the interactions between service consumers and producers can be of the type “request/response” or “subscribe/notify”.
  • network repository functions (NRF) allow every network function to discover the services offered by other network functions
  • DFS Data Storage Functions
  • This 5G SBA model is based on principles including modularity, reusability and self-containment of NFs, which can enable network deployments to take advantage of the latest virtualization and software technologies.
  • Figure 2 shows an exemplary non-roaming architecture of a 5G network (200) with service-based interfaces and various 3GPP-defined NFs. These include the following NFs, with additional details provided for those most relevant to the present disclosure:
  • Application Function interacts with the 5GC to provision information to the network operator and to subscribe to certain events happening in operator's network.
  • An AF offers applications for which service is delivered in a different layer (i.e., transport layer) than the one in which the service has been requested (i.e., signaling layer), the control of flow resources according to what has been negotiated with the network.
  • An AF communicates dynamic session information to PCF (via N5 interface), including description of media to be delivered by transport layer.
  • PCF Policy Control Function
  • Npcf interface supports unified policy framework to govern the network behavior, via providing PCC rules (e.g., on the treatment of each service data flow that is under PCC control) to the SMF via the N7 reference point.
  • PCF provides policy control decisions and flow based charging control, including service data flow detection, gating, QoS, and flow-based charging (except credit management) towards the SMF.
  • the PCF receives session and media related information from the AF and informs the AF of traffic (or user) plane events.
  • UPF User Plane Function
  • SMF packet inspection and different enforcement actions
  • PDN packet data network
  • the N9 reference point is for communication between two UPFs.
  • Session Management Function interacts with the decoupled traffic (or user) plane, including creating, updating, and removing Protocol Data Unit (PDU) sessions and managing session context with the User Plane Function (UPF), e.g., for event reporting.
  • SMF Session Management Function
  • PDU Protocol Data Unit
  • UPF User Plane Function
  • SMF performs data flow detection (based on filter definitions included in PCC rules), online and offline charging interactions, and policy enforcement.
  • Charging Function (CHF, with Nchf interface) is responsible for converged online charging and offline charging functionalities. It provides quota management (for online charging), re-authorization triggers, rating conditions, etc. and is notified about usage reports from the SMF. Quota management involves granting a specific number of units (e.g., bytes, seconds) for a service. CHF also interacts with billing systems.
  • Access and Mobility Management Function terminates the RAN CP interface and handles all mobility and connection management of UEs (similar to MME in EPC).
  • AMFs communicate with UEs via the N1 reference point, with SMFs via the Nil reference point, and with RAN (e.g., NG-RAN) via the N2 reference point.
  • RAN e.g., NG-RAN
  • NEF Network Exposure Function
  • Nnef interface - acts as the entry point into operator's network, by securely exposing to AFs the network capabilities and events provided by 3GPP NFs and by providing ways for the AF to securely provide information to 3GPP network.
  • NEF provides a service that allows an AF to provision specific subscription data (e.g., expected UE behavior) for various UEs.
  • NEF provides services similar to services provided by SCEF in EPC.
  • NRF Network Repository Function
  • Network Slice Selection Function with Nnssf interface - a “network slice” is a logical partition of a 5G network that provides specific network capabilities and characteristics, e.g., in support of a particular service.
  • a network slice instance is a set of NF instances and the required network resources (e.g., compute, storage, communication) that provide the capabilities and characteristics of the network slice.
  • the NSSF enables other NFs (e.g., AMF) to identify a network slice instance that is appropriate for a UE’s desired service.
  • AUSF Authentication Server Function
  • HPLMN home network
  • NWDAF Network Data Analytics Function
  • Nnwdaf interface - interacts with other NFs to collect relevant data and provides network analytics information (e.g., statistical information of past events and/or predictive information) to other NFs.
  • network analytics information e.g., statistical information of past events and/or predictive information
  • Location Management Function with Nlmf interface - supports various functions related to determination of UE locations, including location determination for a UE and obtaining any of the following: DL location measurements or a location estimate from the UE; UL location measurements from the NG RAN; and non-UE associated assistance data from the NG RAN.
  • the Unified Data Management (UDM) function supports generation of 3GPP authentication credentials, user identification handling, access authorization based on subscription data, and other subscriber-related functions. To provide this functionality, the UDM uses subscription data (including authentication data) stored in the 5GC unified data repository (UDR). In addition to the UDM, the UDR supports storage and retrieval of policy data by the PCF, as well as storage and retrieval of application data by NEF.
  • UDM and “UDM function” are used interchangeably herein.
  • IP Multimedia Subsystem is an architectural framework for delivering multimedia services to wireless devices based on these Internet-centric protocols.
  • IMS was originally specified by 3rd Generation Partnership Project (3GPP) in Release 5 (Rel-5) as a technology for evolving mobile networks beyond GSM, e.g., for delivering Internet services over GPRS.
  • 3GPP 3rd Generation Partnership Project
  • Rel-5 Release 5
  • IMS has evolved in subsequent releases to support other access networks and a wide range of services and applications.
  • the functionality of the IMS network can be sub-divided into two types: control and media, and application enablers.
  • the control functionality comprises Call Session Control Function (CSCF) and Home Subscriber Server (HSS).
  • CSCF is used for session control for devices and applications that are using the IMS network. Session control includes the secure routing of the session initiation protocol (SIP) messages, subsequent monitoring of SIP sessions, and communicating with a policy architecture to support media authorization.
  • CSCF functionality can also be divided into Proxy CSCF (P-CSCF), Serving CSCF (S-CSCF), and Interrogating CSCF (I-CSCF).
  • P-CSCF Proxy CSCF
  • S-CSCF Serving CSCF
  • I-CSCF Interrogating CSCF
  • HSS is the master database containing user and subscriber information to support the network entities handling calls and sessions.
  • HSS provides functions such as identification handling, access authorization, authentication, mobility management (e.g., which session control entity is serving the user), session establishment support, service provisioning support, and service authorization support.
  • a Media Resource Function can provide media services in a user’ s home network and can manage and process media streams such as voice, video, speech-to-text, and real-time transcoding of multimedia data.
  • MRF Media Resource Function
  • a WebRTC Gateway allows native- and browser-based devices to access services in the network securely.
  • the ever increasing complexity of communication networks drives the evolution of analytics systems that support operation, optimization, and planning of these networks. This includes detecting and addressing sudden, undesired changes in network operation and/or performance (e.g., failures).
  • Advanced analytics systems require collecting and correlating elementary network events from different network domains, such as CN, RAN, and transport networks.
  • Such analytics systems calculate user- and session-level E2E service quality metrics (S-KPIs) as well as radio and network resource metrics (R-KPIs) that characterize the radio environment or network operation at user and session level.
  • S-KPIs user- and session-level E2E service quality metrics
  • R-KPIs radio and network resource metrics
  • Figure 3 shows an exemplary multi-domain communication network (300) comprising a UE, a RAN, a packet-based CN, and an IMS.
  • the RAN includes eNBs that provide the LTE-Uu radio interface and gNBs that provide the NR-Uu interface to UEs.
  • the CN includes SMF, AMF, and UPF in 5GC discussed above, as well as mobility management entity (MME), serving gateway (SGW), and packet gateway (PGW) that are part of the Evolved Packet Core (EPC) associated with LTE networks.
  • MME mobility management entity
  • SGW serving gateway
  • PGW packet gateway
  • the UPF connects to the IMS via the N6 interface, such that IMS in Figure 3 is an instance of the PDN shown in Figure 2.
  • Figure 3 also shows various “tapping points” where data can be collected from the three domains of the network.
  • node events e.g., PM counters
  • interface events can be collected from S5-U (user), S5-C (control), Sl-U, and S5-U interfaces in CN as well as from Mw interface between P-CSCF and IS-CSCSF in IMS.
  • some more advanced analytics systems combine information collected from the multiple domains to determine “user experience” analytics that represent performance experienced by an end user for a specific service.
  • Time series datasets can be collected from various nodes and various interface in multiple domains of a communication network. Time series data collected in this manner can be used to analyze, predict, and/or understand user behavior patterns as well as network performance trends. However, detecting and addressing sudden, undesired changes in network operation and/or performance (e.g., failures or anomalies) can be very difficult, even with large amounts of available time series data.
  • Another conventional approach is fixed alarm thresholds set for various network KPIs or metrics. This can be used for problematic conditions and/or to avoid manual searching. However, there is a tradeoff between sensitivity and false alarms. If the thresholds are set too low, the system becomes overloaded with a high number of alarms; if set too high, only the highly serious issues will be detected and often later than desired. In general, conventional monitoring systems often generate a large number of alarms that exceeds the capacity of human engineering to review and respond to within time to avoid outages or other degradations.
  • anomaly detection sets alarms based on based on observed distributions of network KPIs or metrics. In this manner, events that are outliers (in some statistical sense) relative to typical or normal values will be detected.
  • U.S. Pat. 8,200,193 describes a UE-based technique for identifying abnormal traffic generated by a unique UE but does not detect network-level issues.
  • U.S. Pat. Pubs. 2021/0058424 and 2020/0106795 disclose techniques for anomaly detection in communication networks that focus on performance metrics of single elements (e.g., microservices or nodes), without considering multi-dimensional network structure or behavioral distinctions between in time series data (e.g., periodicity, trend, etc.).
  • U.S. Pat. 7,460,498 describes techniques for detecting issues with fixed telecommunication lines based on measurements of individual network elements, also without considering multi-dimensional network structure.
  • multi-domain communication networks are distributed such that a failure in one part of the network may also affect other parts, causing all affected parts to generate alarms or other fault indicators.
  • a fault at one level of network hierarchy e.g., cell
  • may also cause faults at other levels e.g., node serving the cell.
  • the complexity of multi-domain communication networks requires monitoring at a relatively high level of granularity, such as pre-defined groups or aggregations of data sessions, users, cells, network elements, etc. or combinations thereof.
  • this approach makes it difficult to detect faults affecting smaller subsets of these groups or aggregations (e.g., single data session, cell, or application) or affecting different groups, aggregations, or combinations that are not selected for monitoring. For example, monitoring cell level throughput distributions will not reveal application-specific issues (e.g., for Netflix).
  • Embodiments of the present disclosure address these and other problems, issues, and/or difficulties by novel, flexible, and efficient techniques that identify faulty elements of a multidomain communication network by collecting all fault markers and attributing them to those network elements (or combinations thereof) that are the root cause.
  • Embodiments also include corresponding network analytics systems that perform such techniques.
  • Embodiments can be implemented in multi-dimensional advanced analytic systems (e.g., Ericsson Expert Analytics). Embodiments can also operate using legacy telecommunication fault management (FM) alarms and performance management (PM) counter based KPIs, including any available enrichment (e.g., FM alarms can be enriched by node properties, geographical properties, etc.).
  • FM telecommunication fault management
  • PM performance management
  • Embodiments can be summarized as follows.
  • a multi-domain, correlated network analytics system offers almost infinite possibilities to investigate various known network failures.
  • embodiments provide further capability to detect yet unknown failures requires in a multi-domain network.
  • Embodiments can identify issues in early, developing phases, such that the issues can be timely addressed to minimize impact on user experience and network downtimes.
  • Embodiments of the anomaly detection techniques learn “normal” network behavior. This gives a significant advantage over conventional threshold-based alarm systems, since many network KPIs depend on time of the day, day of the week, and/or actual network load. Having thresholds adaptive to these factors significantly increases the reliability of anomaly or fault detection. By providing a learning system that exploits relationships among the multitude of time series describing the communication network, embodiments can reduce or eliminate impact of training time errors in the network.
  • Network issues causing performance degradations can be detected from abnormal values in network element PM metrics and/or in more complex metrics derived from end-to-end correlated session records. Without identifying the root cause, however, the network operator is unable to properly troubleshoot such issues and perform fault management.
  • a fault or failure often impacts a wide range of user sessions which manifests in various alarms, faults, etc. being reported by various network elements traversed by those sessions.
  • the number of alarms and anomalies detected by conventional monitoring systems often exceeds the capacity of human engineering resources to review and respond to within time to avoid outages or other degradations.
  • side effects may be correlated with the problem but are not the cause of the problem.
  • Some side effects can be related to network hierarchy. For example, in relation to a problematic RAN software upgrade deployed in a certain region, the monitoring system might detect anomalies for all tracking areas, cell sites, and cells in the region, possibly generating thousands of alarm. However, these abundant alarms do not necessarily identify the root cause (i.e., software update) without further intelligence being applied. As another example, consider a case where 70% of UEs in a monitored region of the network are from a single manufacturer (e.g., Apple) and use a common operating system (e.g., iOS).
  • a single manufacturer e.g., Apple
  • iOS common operating system
  • the result may be alarms for all cells, RAN nodes, user sessions, applications, etc. in the region, since 70% of the traffic will come from the UEs having the bug.
  • these abundant alarms do not necessarily identify the root cause (i.e., UE OS bug) without further intelligence being applied.
  • each collected time series of data can be considered a marginal distribution of network performance or user experience within a particular dimension, with the full network performance being represented by the multi-dimensional set of time series that have unknown relationships between them (i.e., between the marginal distributions).
  • monitoring systems typically aggregate certain pre-defined dimensions for anomaly detection (e.g., average throughput per node type or per area), which limits the visibility into the actual multi-variate distribution of fault markers.
  • the monitoring system is both under-inclusive (e.g., lacking aggregations likely to indicate anomalies and/or lead to root causes) and over-inclusive (e.g., using pre-defined aggregations unlikely to indicate anomalies), the latter of which leads to unnecessary processing requirements.
  • Embodiments can attribute fault markers to the dimension(s) associated with the actual root cause, resulting in “excess fault markers” that enable two different types of anomaly detection:
  • spatial-domain anomaly detection for network optimization e.g., comparing behavior of a network element with its neighbors to find underperformers
  • time-domain anomaly detection for network operations e.g., comparing present and past behavior of a network element to find temporary degradations.
  • FIG. 4 shows a functional diagram of a network analytics system (400) according to embodiments of the present disclosure. This exemplary system may also be referred to as an “anomaly detector”.
  • An input to the system is a database (405) of end-to-end correlated records.
  • the end-to-end correlated records can be written into this database in batches (e.g., per time window) or as a continuous data stream.
  • the database may contain PM counters instead.
  • the end-to-end correlated records in the database are first processed by a lightweight prefiltering function (410), which checks for any irregularities in the records, such as content and/or format that is unexpected.
  • the lightweight prefiltering function can be an expert systems with pre-defined rules.
  • the lightweight prefiltering function can be an artificial intelligence/machine learning (AI/ML) system that has been trained with “regular” records of the type found in the database. How “lightweight” the prefiltering function is can be arbitrary, with simpler solutions generally preferred due to the huge amount of data needing to be processed in typical applications.
  • the output of the lightweight filtering function are fault markers, which are written into a database (415) either in batches (e.g., per time window) or as a continuous data stream.
  • the fault markers (even if coming as a stream) are then collected into batches and fed into the frequent pattern mining subsystem (420), which identifies conditions (or “symptoms”) that appear frequently in the fault markers. More specifically, the frequent pattern mining subsystem identifies each pattern that includes a combination of fault markers that appear at least a threshold number of times, k.
  • a pattern can also be thought of as a filter that identifies which segment of the network is affected by an issue needing further review. In the previous example, this corresponds to a segment involving iOS 15.1 devices that communicate with the RAN via 2100 MHz carrier frequency. Even so, all network issues will not necessarily be detected as frequent patterns, primarily due to the choice of threshold k. In other words, the selection of k is a tradeoff between frequent pattern misdetection (when k is too large) and frequent pattern false detection (when k is too small). Put differently, the threshold k specifies the smallest issue that human engineering resources are willing to review further. At this point, the network analytics system has identified network segments with issues needing further review, which the frequent pattern mining subsystem stores in a database (425).
  • a market share is a ratio (or percentage) of traffic through a network segment (i.e., identified as a frequent pattern) that is related to some other network segment.
  • a market share is a ratio (or percentage) of traffic through a network segment (i.e., identified as a frequent pattern) that is related to some other network segment.
  • the targeted aggregation subsystem (430) calculates market shares for frequent patterns (or network segments of interest), such as in the example above, and stores the calculated market shares in a database (435).
  • the side effect removal subsystem (440), which operates on the information stored in two databases (425, 435).
  • the side effect removal subsystem can apply an “explainability principle” for this calculation, as described below.
  • n fault markers were triggered by an issue with iOS 15.1 and knowing the market share of 2100 MHz carrier frequency in iOS 15.1 fault markers is 0.3 (or 30%), then 0.3n fault markers with 2100 MHz carrier frequency are expected as side effects.
  • iOS 15.1 is only one pattern that explains observing some fault markers with 2100 MHz carrier frequency, and all patterns should be considered to cover all possible side effects.
  • a set of linear equations can be solved for the n y - terms, thereby reconstructing for each frequent pattern i the number of fault markers H,, that were triggered specifically by it.
  • n y - 0 and the pattern can be ignored.
  • the side effect removal subsystem identifies the remaining patterns as anomaly candidates, with their bias- corrected frequencies being the calculated n y - terms. These are stored in a database (445).
  • n y - terms bias-corrected frequencies
  • One way to avoid this situation is solving for the bias-corrected frequencies using non-negative linear least squares regression with a constraint that all n y - > 0. The resulting solution violates the linear equations in a minimal sense according to a squared-error criterion.
  • Other types of regressions can also be applied in this manner to generate non-negative bias-corrected frequencies.
  • some identified anomaly candidates may be transient rather than actual anomalies.
  • the spatio-temporal anomaly detection subsystem (455), which analyzes historical anomaly data stored in a database (450). For example, to perform temporal detection, the spatio-temporal anomaly detection subsystem queries historical timeseries values of the bias-corrected frequency of an anomaly candidate pattern i and detects whether the actual frequency of the anomaly candidate pattern i deviates by more than some threshold. If so, it is identified as an anomaly and written to a database (460).
  • the spatio-temporal anomaly detection subsystem compares the bias -corrected frequency of an anomaly candidate pattern i to bias-corrected frequencies of its neighbors. If the anomaly candidate pattern’s bias-corrected frequency deviates by more than some threshold from its neighbors, it is identified as an anomaly and written to a database (460).
  • FIG. 5 illustrates operation of the network analytics system shown in Figure 4 using example data.
  • a fault maker includes (from left to right) a fault ID, a rule (or fault condition) ID, an international mobile subscriber identifier (IMSI) associated with an involved UE, a timestamp of the fault, vendor and OS of the involved UE (device), carrier frequency, cell ID, and radio access technology (RAT) on which the fault occurred, vendor of the RAN equipment on which the fault occurred, and an ID of the RAN node on which the fault occurred (i.e., RAN node serving the involved UE).
  • IMSI international mobile subscriber identifier
  • RAT radio access technology
  • Embodiments of the present disclosure may be scalable.
  • all subsystems and databases shown in Figure 4 can be implemented in a cloud-native manner.
  • lightweight prefiltering, frequent pattern mining, and targeted aggregation can be implemented within distributed computing frameworks such as Apache Spark, DASK, etc. running on top of Kubernetes.
  • Spatio-temporal anomaly detection performs multiple anomaly detection algorithms that are not inter-dependent and can therefore be parallelized and distributed in a similar manner.
  • Side-effect removal may require iterative algorithms, which may be more complex to implement on distributed computing. However, calculations for each iteration can be distributed in a similar manner as other subsystems.
  • the databases shown in Figure 4 can be standard relational databases, streams, graph databases, or other NoSQL databases. All of these options support cloud-native implementations or can simply be virtualized on top of a cloud platform, mimicking a bare-metal setup.
  • Open RAN ALLIANCE is a community of mobile operators and RAN vendors working towards an open, intelligent, virtualized, operationally efficient, and fully interoperable RANs. To achieve these goals, the community has defined an O-RAN Architecture with key functions and interfaces.
  • O-RAN work groups WGs.
  • O-RAN WG1 is concerned with use cases and overall architecture.
  • One general principle is that O-RAN architecture and interface specifications shall be consistent with 3GPP architecture and interface specifications, to the extent possible.
  • Figure 6 shows the high-level O-RAN architecture and four key interfaces Al, 01, Open Fronthaul M-plane, and 02.
  • SMO Service Management and Orchestration
  • NFs 0-RAN network functions
  • O-Cloud Open Cloud
  • SMO Service Management and Orchestration
  • NG interface between 0-RAN NFs and the NG-Core, which is consistent with the NG interface with 5GC shown in Figure 1.
  • the 0-RAN Architecture Description defines the following three control loops with respective latencies:
  • Non-RT RIC and Near-RT RIC control loops are fully defined by O-RAN, but O-RAN only defines relevant interactions with other O-RAN nodes or functions for the RT control loop (which performs radio scheduling, HARQ, beamforming, etc.).
  • the Non-RT RIC provides the Al interface to the Near-RT RIC.
  • One task of Non-RT RIC is to provide policy-based guidance, machine learning (ML) model management, and enrichment information to support intelligent RAN optimization by the Near-RT RIC (e.g., for radio resource management, RRM).
  • the Non-RT RIC can also perform intelligent RRM in longer, non-RT intervals (e.g., greater than 1 second).
  • the Non-RT RIC can use data analytics and artificial intelligence (AI)/ML training and inference to determine RAN optimizations, for which it can leverage SMO services such as data collection from and provisioning to the O-RAN nodes. These actions are performed by Non-RT RIC Applications (rApps).
  • the Non-RT RIC also includes the Non-RT RIC Framework, which is internal to the SMO Framework, logically terminates the Al interface, and exposes all required functionality and services to rApps.
  • the O-RAN architecture does not include any components and/or interfaces that enable input data flows from existing data collection components for crossdomain correlation and anomaly detection.
  • the SMO Non-RT RIC component does not have any data interfaces towards domains other than RAN.
  • input data from non-RAN domains e.g., CN, Application, etc.
  • O-RAN domains e.g., CN, Application, etc.
  • Figure 7 shows a first implementation option for integrating embodiments of the present disclosure in a multi-domain communication network (700) that includes the O-RAN architecture.
  • an anomaly detector e.g., network analytics system 400 shown in Figure 4
  • runs on an Al server outside of SMO e.g., on public or private cloud computing environment
  • the anomaly detector also has external interfaces that facilitate data collection from other domains such as CN (e.g., 5GC), IMS, etc.
  • Figure 8 shows a second implementation option for integrating embodiments of the present disclosure in a multi-domain network (800) that includes the O-RAN architecture.
  • the anomaly detector (810) runs in the Non-RT RIC and optionally partially within the Near-RT RIC.
  • Figure 9 depicts an exemplary method e.g., procedure) for detecting operational anomalies in a multi-domain communication network, according to various embodiments of the present disclosure.
  • Figure 9 shows specific blocks in a particular order, the operations of the exemplary method can be performed in a different order than shown and can be combined and/or divided into blocks having different functionality than shown. Optional blocks or operations are indicated by dashed lines.
  • the network analytics system can be implemented in (or as) a service management and orchestration (SMO) system for a RAN, an analytics-related CN node such as NWDAF, a network management node in an 0AM system, or an application running in a host computing system external to the network (e.g., public or private cloud environment).
  • SMO service management and orchestration
  • the exemplary method includes the operations of block 910, where the network analytics system obtains a plurality of fault markers associated with respective faults that occurred in the communication network. Each fault marker includes a plurality of data values collected from the multiple domains of the communication network.
  • the exemplary method also includes the operations of block 930, where the network analytics system identifies a plurality of patterns of data values that occur in the fault markers with respective occurrence frequencies that are at least a threshold frequency (e.g., “frequent patterns”).
  • the exemplary method also includes the operations of block 940, where for each of the identified patterns, the network analytics system determines respective proportions in which the pattern appears in the other identified patterns (e.g., “market share”).
  • the exemplary method also includes the operations of block 950, where the network analytics system determines one or more anomaly candidates among the identified patterns, based on the occurrence frequency and the determined proportions for each identified pattern.
  • the exemplary method also includes the operations of block 960, where the network analytics system detects one or more operational anomalies in the communication network based on correspondence between the occurrence frequency of each anomaly candidate and the following:
  • identifying the plurality of patterns of data values that occur in the fault markers with respective occurrence frequencies that are at least a threshold frequency in block 930 can include the operations of sub-blocks 931-932, where the network analytics system determines occurrence frequencies of each pattern of data values that appears in the fault markers and compares each determined occurrence frequency to the threshold frequency.
  • determining one or more anomaly candidates among the identified patterns based on the occurrence frequencies and the determined proportions for each identified pattern in block 950 can include the following operations, labelled with corresponding sub-block numbers:
  • determining one or more anomaly candidates among the identified patterns based on the occurrence frequencies and the determined proportions for each identified pattern in block 950 also includes the operations of sub-block 953, where the network analytics system identifies, as side effects, the patterns having zero numbers of occurrences.
  • determining a number of occurrences for each identified pattern based on the occurrence frequency and the determined proportions for the identified pattern in sub-block 951 includes solving a set of linear equations in which the determined proportions are coefficients for the numbers of occurrences of the respective patterns, which are unknowns.
  • An example of such linear equations was discussed above.
  • solving the set of linear equations is performed using a non-negative least squares regression with a constraint that the numbers of occurrences of the respective patterns are nonnegative.
  • each fault marker includes a plurality of different data elements collected from the multiple domains of the communication network, with each data element containing one of the data values.
  • the neighbors to each pattern of data values associated with an anomaly candidate include all fault markers having the same plurality of data elements with only one of the data values being different than the anomaly candidate. Some examples of neighbors were discussed above.
  • the data elements comprising each fault marker include data values for at least two of the following associated with the corresponding fault:
  • CN core network
  • UPF function
  • Figure 5 shows an example of fault markers containing values for some of the above items.
  • each detected operational anomaly is an anomaly candidate whose occurrence frequency deviated by more than a threshold from one or more of the following: the historical occurrence frequency of the pattern of data values associated with the anomaly candidate, and occurrence frequencies of neighbors to the pattern of data values associated with the anomaly candidate.
  • the exemplary method can also include the operations of block 920, where before identifying the plurality of patterns in block 930, the network analytics system performs prefiltering on the obtained fault markers to remove any fault markers whose format and/or content is irregular or unexpected.
  • the lightweight prefiltering subsystem discussed above is an example of such prefiltering.
  • the plurality of data values included in each fault marker comprise one of the following: an end-to-end correlated record, or a plurality of performance management (PM) counter values.
  • the plurality of fault markers are obtained in a batch from a database, and the method is repeated for subsequent batches of fault markers obtained from the database.
  • the multiple domains include at least two of the following domains: a user equipment (UE) domain; a radio access network (RAN) domain; a core network (CN) domain; and an IP multimedia system (IMS) domain.
  • each fault marker include data values obtained from the at least two domains.
  • the RAN domain comprises an Open RAN (O-RAN) architecture and the method is performed by an O-RAN non-RT RIC and/or by an O-RAN near-RT RIC.
  • O-RAN Open RAN
  • FIG 10 shows an example of a communication system 1000 in accordance with some embodiments.
  • communication system 1000 includes telecommunication network 1002 that includes access network 1004 (e.g., RAN) and core network 1006, which includes one or more core network nodes 1008.
  • telecommunication network 1002 can also include one or more Network Management (NM) nodes 1018, which can be part of an operation support system (OSS), a business support system (BSS), and/or an 0AM system.
  • OSS operation support system
  • BSS business support system
  • 0AM 0AM system
  • the NM nodes can monitor and/or control operations of other nodes in access network 1004 and core network 1006.
  • NM node 1018 is configured to communicate with other nodes in access network 1004 and core network 1006 for these purposes.
  • Access network 1004 includes one or more access network nodes, such as network nodes lOlOa-b (one or more of which may be generally referred to as network nodes 1010), or any other similar 3GPP access node or non-3GPP access point.
  • Network nodes 1010 facilitate direct or indirect connection of UEs, such as by connecting UEs 1012a-d (one or more of which may be generally referred to as UEs 1012) to core network 1006 over one or more wireless connections.
  • Example wireless communications over a wireless connection include transmitting and/or receiving wireless signals using electromagnetic waves, radio waves, infrared waves, and/or other types of signals suitable for conveying information without the use of wires, cables, or other material conductors.
  • communication system 1000 may include any number of wired or wireless networks, network nodes, UEs, and/or any other components or systems that may facilitate or participate in the communication of data and/or signals whether via wired or wireless connections.
  • Communication system 1000 may include and/or interface with any type of communication, telecommunication, data, cellular, radio network, and/or other similar type of system.
  • UEs 1012 may be any of a wide variety of communication devices, including wireless devices arranged, configured, and/or operable to communicate wirelessly with network nodes 1010 and other communication devices.
  • network nodes 1010 are arranged, capable, configured, and/or operable to communicate directly or indirectly with UEs 1012 and/or with other network nodes or equipment in telecommunication network 1002 to enable and/or provide network access, such as wireless network access, and/or to perform other functions, such as administration in telecommunication network 1002.
  • core network 1006 connects network nodes 1010 to one or more hosts, such as host 1016. These connections may be direct or indirect via one or more intermediary networks or devices. In other examples, network nodes may be directly coupled to hosts.
  • Core network 1006 includes one or more core network nodes (e.g., 1008) that are structured with hardware and software components. Features of these components may be substantially similar to those described with respect to the UEs, network nodes, and/or hosts, such that the descriptions thereof are generally applicable to the corresponding components of core network node 1008.
  • Example core network nodes include functions of one or more of a Mobile Switching Center (MSC), Mobility Management Entity (MME), Home Subscriber Server (HSS), Access and Mobility Management Function (AMF), Session Management Function (SMF), Authentication Server Function (AUSF), Subscription Identifier De-concealing function (SIDE), Unified Data Management (UDM), Security Edge Protection Proxy (SEPP), Network Exposure Function (NEF), and/or a User Plane Function (UPF).
  • MSC Mobile Switching Center
  • MME Mobility Management Entity
  • HSS Home Subscriber Server
  • AMF Access and Mobility Management Function
  • SMF Session Management Function
  • AUSF Authentication Server Function
  • SIDE Subscription Identifier De-concealing function
  • UDM Unified Data Management
  • SEPP Security Edge Protection Proxy
  • NEF Network Exposure Function
  • UPF User Plane Function
  • Host 1016 may be under the ownership or control of a service provider other than an operator or provider of access network 1004 and/or telecommunication network 1002, and may be operated by the service provider or on behalf of the service provider.
  • Host 1016 may host a variety of applications to provide one or more service. Examples of such applications include live and pre-recorded audio/video content, data collection services such as retrieving and compiling data on various ambient conditions detected by a plurality of UEs, analytics functionality, social media, functions for controlling or otherwise interacting with remote devices, functions for an alarm and surveillance center, or any other such function performed by a server.
  • access network 1004 can include a service management and orchestration (SMO) system or node 1020, which can monitor and/or control operations of the access network nodes 1010.
  • SMO service management and orchestration
  • This arrangement can be used, for example, when access network 1004 utilizes an Open RAN (O-RAN) architecture.
  • SMO system 1020 can be configured to communicate with core network 1006 and/or host 1016, as shown in Figure 10.
  • host 1016, network management node 1018, and SMO system 1020 can be configured to perform various operations of exemplary methods (e.g., procedures) for detecting operational anomalies in a multi-domain communication network, such as described above in relation to Figure 9.
  • communication system 1000 of Figure 10 enables connectivity between the UEs, network nodes, and hosts.
  • the communication system may be configured to operate according to predefined rules or procedures, such as specific standards that include, but are not limited to: Global System for Mobile Communications (GSM); Universal Mobile Telecommunications System (UMTS); Long Term Evolution (LTE), and/or other suitable 2G, 3G, 4G, 5G standards, or any applicable future generation standard (e.g., 6G); wireless local area network (WLAN) standards, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards (WiFi); and/or any other appropriate wireless communication standard, such as the Worldwide Interoperability for Microwave Access (WiMax), Bluetooth, Z-Wave, Near Field Communication (NFC) ZigBee, LiFi, and/or any low-power wide-area network (LPWAN) standards such as LoRa and Sigfox.
  • GSM Global System for Mobile Communications
  • UMTS Universal Mobile Telecommunications System
  • LTE Long Term Evolution
  • telecommunication network 1002 is a cellular network that implements 3GPP standardized features. Accordingly, telecommunication network 1002 may support network slicing to provide different logical networks to different devices that are connected to telecommunication network 1002. For example, telecommunication network 1002 may provide Ultra Reliable Low Latency Communication (URLLC) services to some UEs, while providing Enhanced Mobile Broadband (eMBB) services to other UEs, and/or Massive Machine Type Communication (mMTC)/Massive loT services to yet further UEs.
  • URLLC Ultra Reliable Low Latency Communication
  • eMBB Enhanced Mobile Broadband
  • mMTC Massive Machine Type Communication
  • UEs 1012 are configured to transmit and/or receive information without direct human interaction.
  • a UE may be designed to transmit information to access network 1004 on a predetermined schedule, when triggered by an internal or external event, or in response to requests from access network 1004.
  • a UE may be configured for operating in single- or multi-RAT or multi-standard mode.
  • a UE may operate with any one or combination of Wi-Fi, NR (New Radio) and LTE, i.e., being configured for multi-radio dual connectivity (MR-DC), such as E-UTRAN (Evolved-UMTS Terrestrial Radio Access Network) New Radio - Dual Connectivity (EN-DC).
  • MR-DC multi-radio dual connectivity
  • hub 1014 communicates with access network 1004 to facilitate indirect communication between one or more UEs (e.g., UE 1012c and/or 1012d) and network nodes (e.g., network node 1010b).
  • hub 1014 may be a controller, router, content source and analytics, or any of the other communication devices described herein regarding UEs.
  • hub 1014 may be a broadband router enabling access to core network 1006 for the UEs.
  • hub 1014 may be a controller that sends commands or instructions to one or more actuators in the UEs. Commands or instructions may be received from the UEs, network nodes 1010, or by executable code, script, process, or other instructions in hub 1014.
  • hub 1014 may be a data collector that acts as temporary storage for UE data and, in some embodiments, may perform analysis or other processing of the data.
  • hub 1014 may be a content source. For example, for a UE that is a VR headset, display, loudspeaker or other media delivery device, hub 1014 may retrieve VR assets, video, audio, or other media or data related to sensory information via a network node, which hub 1014 then provides to the UE either directly, after performing local processing, and/or after adding additional local content.
  • hub 1014 acts as a proxy server or orchestrator for the UEs, in particular in if one or more of the UEs are low energy loT devices.
  • Figure 11 shows a network node 1100 in accordance with some embodiments.
  • network nodes include, but are not limited to, access points (e.g., radio access points) and base stations (e.g., radio base stations, Node Bs, eNBs, and gNBs).
  • access points e.g., radio access points
  • base stations e.g., radio base stations, Node Bs, eNBs, and gNBs.
  • Base stations may be categorized based on the amount of coverage they provide (or, stated differently, their transmit power level) and so, depending on the provided amount of coverage, may be referred to as femto base stations, pico base stations, micro base stations, or macro base stations.
  • a base station may be a relay node or a relay donor node controlling a relay.
  • a network node may also include one or more (or all) parts of a distributed radio base station such as centralized digital units and/or remote radio units (RRUs), sometimes referred to as Remote Radio Heads (RRHs). Such remote radio units may or may not be integrated with an antenna as an antenna integrated radio.
  • RRUs remote radio units
  • RRHs Remote Radio Heads
  • Such remote radio units may or may not be integrated with an antenna as an antenna integrated radio.
  • Parts of a distributed radio base station may also be referred to as nodes in a distributed antenna system (DAS).
  • DAS distributed antenna system
  • network nodes include multiple transmission point (multi-TRP) 5G access nodes, multi-standard radio (MSR) equipment such as MSR BSs, network controllers such as radio network controllers (RNCs) or base station controllers (BSCs), base transceiver stations (BTSs), transmission points, transmission nodes, multi-cell/multicast coordination entities (MCEs), Operation and Maintenance (O&M) nodes, Operations Support System (OSS) nodes, Self-Organizing Network (SON) nodes, positioning nodes (e.g., Evolved Serving Mobile Location Centers (E-SMLCs)), and/or Minimization of Drive Tests (MDTs).
  • MSR multi-standard radio
  • RNCs radio network controllers
  • BSCs base station controllers
  • BTSs base transceiver stations
  • OFDM Operation and Maintenance
  • OSS Operations Support System
  • SON Self-Organizing Network
  • positioning nodes e.g., Evolved Serving Mobile Location Centers (E-SMLCs)
  • network node 1100 can be configured to perform various operations of exemplary methods e.g., procedures) for detecting operational anomalies in a multidomain communication network, such as described above in relation to Figure 9.
  • Network node 1100 includes processing circuitry 1102, memory 1104, communication interface 1106, and power source 1108.
  • Network node 1100 may be composed of multiple physically separate components (e.g., a NodeB component and a RNC component, or a BTS component and a BSC component, etc.), which may each have their own respective components.
  • network node 1100 comprises multiple separate components (e.g., BTS and BSC components)
  • one or more of the separate components may be shared among several network nodes.
  • a single RNC may control multiple NodeBs.
  • each unique NodeB and RNC pair may in some instances be considered a single separate network node.
  • network node 1100 may be configured to support multiple radio access technologies (RATs).
  • RATs radio access technologies
  • Network node 1100 may also include multiple sets of the various illustrated components for different wireless technologies integrated into network node 1100, for example GSM, WCDMA, LTE, NR, WiFi, Zigbee, Z-wave, LoRaWAN, Radio Frequency Identification (RFID) or Bluetooth wireless technologies. These wireless technologies may be integrated into the same or different chip or set of chips and other components within network node 1100.
  • wireless technologies for example GSM, WCDMA, LTE, NR, WiFi, Zigbee, Z-wave, LoRaWAN, Radio Frequency Identification (RFID) or Bluetooth wireless technologies. These wireless technologies may be integrated into the same or different chip or set of chips and other components within network node 1100.
  • RFID Radio Frequency Identification
  • Processing circuitry 1102 may comprise a combination of one or more of a microprocessor, controller, microcontroller, central processing unit, digital signal processor, application-specific integrated circuit, field programmable gate array, or any other suitable computing device, resource, or combination of hardware, software and/or encoded logic operable to provide, either alone or in conjunction with other network node 1100 components, such as memory 1104, to provide network node 1100 functionality.
  • processing circuitry 1102 includes a system on a chip (SOC). In some embodiments, processing circuitry 1102 includes one or more of radio frequency (RF) transceiver circuitry 1112 and baseband processing circuitry 1114. In some embodiments, RF transceiver circuitry 1112 and baseband processing circuitry 1114 may be on separate chips (or sets of chips), boards, or units, such as radio units and digital units. In alternative embodiments, part or all of RF transceiver circuitry 1112 and baseband processing circuitry 1114 may be on the same chip or set of chips, boards, or units.
  • SOC system on a chip
  • processing circuitry 1102 includes one or more of radio frequency (RF) transceiver circuitry 1112 and baseband processing circuitry 1114.
  • RF transceiver circuitry 1112 and baseband processing circuitry 1114 may be on separate chips (or sets of chips), boards, or units, such as radio units and digital units. In alternative embodiments, part or all of RF transceiver circuitry 1112 and baseband processing
  • Memory 1104 may comprise any form of volatile or non-volatile computer-readable memory including, without limitation, persistent storage, solid-state memory, remotely mounted memory, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), mass storage media (for example, a hard disk), removable storage media (for example, a flash drive, a Compact Disk (CD) or a Digital Video Disk (DVD)), and/or any other volatile or non-volatile, non-transitory device-readable and/or computer-executable memory devices that store information, data, and/or instructions that may be used by processing circuitry 1102.
  • volatile or non-volatile computer-readable memory including, without limitation, persistent storage, solid-state memory, remotely mounted memory, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), mass storage media (for example, a hard disk), removable storage media (for example, a flash drive, a Compact Disk (CD) or a Digital Video Disk (DVD)), and/or any other volatile or non-vola
  • Memory 1104 may store any suitable instructions, data, or information, including a computer program, software, an application including one or more of logic, rules, code, tables, and/or other instructions (collectively denoted computer program 1104a, which may be in the form of a computer program product) capable of being executed by processing circuitry 1102 and utilized by network node 1100. Memory 1104 may be used to store any calculations made by processing circuitry 1102 and/or any data received via communication interface 1106. In some embodiments, processing circuitry 1102 and memory 1104 is integrated.
  • Communication interface 1106 is used in wired or wireless communication of signaling and/or data between a network node, access network, and/or UE. As illustrated, communication interface 1106 comprises port(s)/terminal(s) 1116 to send and receive data, for example to and from a network over a wired connection. Communication interface 1106 also includes radio frontend circuitry 1118 that may be coupled to, or in certain embodiments a part of, antenna 1110. Radio front-end circuitry 1118 comprises filters 1120 and amplifiers 1122. Radio front-end circuitry 1118 may be connected to an antenna 1110 and processing circuitry 1102. The radio front-end circuitry may be configured to condition signals communicated between antenna 1110 and processing circuitry 1102.
  • Radio front-end circuitry 1118 may receive digital data that is to be sent out to other network nodes or UEs via a wireless connection. Radio front-end circuitry 1118 may convert the digital data into a radio signal having the appropriate channel and bandwidth parameters using a combination of filters 1120 and/or amplifiers 1122. The radio signal may then be transmitted via antenna 1110. Similarly, when receiving data, antenna 1110 may collect radio signals which are then converted into digital data by radio front-end circuitry 1118. The digital data may be passed to processing circuitry 1102. In other embodiments, the communication interface may comprise different components and/or different combinations of components.
  • network node 1100 does not include separate radio front-end circuitry 1118, instead, processing circuitry 1102 includes radio front-end circuitry and is connected to antenna 1110. Similarly, in some embodiments, all or some of RF transceiver circuitry 1112 is part of communication interface 1106. In still other embodiments, communication interface 1106 includes one or more ports or terminals 1116, radio front-end circuitry 1118, and RF transceiver circuitry 1112, as part of a radio unit (not shown), and communication interface 1106 communicates with baseband processing circuitry 1114, which is part of a digital unit (not shown).
  • Antenna 1110 may include one or more antennas, or antenna arrays, configured to send and/or receive wireless signals. Antenna 1110 may be coupled to radio front-end circuitry 1118 and may be any type of antenna capable of transmitting and receiving data and/or signals wirelessly. In certain embodiments, antenna 1110 is separate from network node 1100 and connectable to network node 1100 through an interface or port.
  • Antenna 1110, communication interface 1106, and/or processing circuitry 1102 may be configured to perform any receiving operations and/or certain obtaining operations described herein as being performed by the network node. Any information, data and/or signals may be received from a UE, another network node and/or any other network equipment. Similarly, antenna 1110, communication interface 1106, and/or processing circuitry 1102 may be configured to perform any transmitting operations described herein as being performed by the network node. Any information, data and/or signals may be transmitted to a UE, another network node and/or any other network equipment.
  • Power source 1108 provides power to the various components of network node 1100 in a form suitable for the respective components (e.g., at a voltage and current level needed for each respective component). Power source 1108 may further comprise, or be coupled to, power management circuitry to supply the components of network node 1100 with power for performing the functionality described herein.
  • network node 1100 may be connectable to an external power source (e.g., the power grid, an electricity outlet) via an input circuitry or interface such as an electrical cable, whereby the external power source supplies power to power circuitry of power source 1108.
  • power source 1108 may comprise a source of power in the form of a battery or battery pack which is connected to, or integrated in, power circuitry. The battery may provide backup power should the external power source fail.
  • Embodiments of network node 1100 may include additional components beyond those shown in Figure 11 for providing certain aspects of the network node’s functionality, including any of the functionality described herein and/or any functionality necessary to support the subject matter described herein.
  • network node 1100 may include user interface equipment to allow input of information into network node 1100 and to allow output of information from network node 1100. This may allow a user to perform diagnostic, maintenance, repair, and other administrative functions for network node 1100.
  • FIG 12 is a block diagram of a host 1200, which may be an embodiment of host 1016 of Figure 10, in accordance with various aspects described herein.
  • Host 1200 may be or comprise various combinations hardware and/or software, including a standalone server, a blade server, a cloud-implemented server, a distributed server, a virtual machine, container, or processing resources in a server farm.
  • Host 1200 may provide one or more services to one or more UEs.
  • Host 1200 includes processing circuitry 1202 that is operatively coupled via bus 1204 to input/output interface 1206, network interface 1208, power source 1210, and memory 1212. Other components may be included in other embodiments. Features of these components may be substantially similar to those described with respect to the devices of previous figures, such as Figure 11, such that the descriptions thereof are generally applicable to the corresponding components of host 1200.
  • Memory 1212 may include one or more computer programs including one or more host application programs 1214 and data 1216, which may include user data, e.g., data generated by a UE for host 1200 or data generated by host 1200 for a UE.
  • host 1200 may utilize only a subset or all of the components shown.
  • Host application programs 1214 may be implemented in a container-based architecture and may provide support for video codecs (e.g., Versatile Video Coding (VVC), High Efficiency Video Coding (HEVC), Advanced Video Coding (AVC), MPEG, VP9) and audio codecs (e.g., FLAC, Advanced Audio Coding (AAC), MPEG, G.711), including transcoding for multiple different classes, types, or implementations of UEs (e.g., handsets, desktop computers, wearable display systems, heads-up display systems).
  • Host application programs 1214 may also provide for user authentication and licensing checks and may periodically report health, routes, and content availability to a central node, such as a device in or on the edge of a core network.
  • host 1200 may select and/or indicate a different host for over-the-top services for a UE.
  • Host application programs 1214 may support various protocols, such as the HTTP Live Streaming (HLS) protocol, Real-Time Messaging Protocol (RTMP), Real- Time Streaming Protocol (RTSP), Dynamic Adaptive Streaming over HTTP (MPEG-DASH), etc.
  • HTTP Live Streaming HLS
  • RTMP Real-Time Messaging Protocol
  • RTSP Real- Time Streaming Protocol
  • MPEG-DASH Dynamic Adaptive Streaming over HTTP
  • host 1200 can be configured to perform various operations of exemplary methods e.g., procedures) for detecting operational anomalies in a multi-domain communication network, such as described above in relation to Figure 9.
  • FIG. 13 is a block diagram illustrating a virtualization environment 1300 in which functions implemented by some embodiments may be virtualized.
  • virtualizing means creating virtual versions of apparatuses or devices which may include virtualizing hardware platforms, storage devices and networking resources.
  • virtualization can be applied to any device described herein, or components thereof, and relates to an implementation in which at least a portion of the functionality is implemented as one or more virtual components.
  • Some or all of the functions described herein may be implemented as virtual components executed by one or more virtual machines (VMs) implemented in one or more virtual environments 1300 hosted by one or more of hardware nodes, such as a hardware computing device that operates as a network node, UE, core network node, or host.
  • VMs virtual machines
  • the virtual node does not require radio connectivity (e.g., a core network node or host)
  • the node may be entirely virtualized.
  • Applications 1302 (which may alternatively be called software instances, virtual appliances, network functions, virtual nodes, virtual network functions, etc.) are run in the virtualization environment 1300 to implement some of the features, functions, and/or benefits of some of the embodiments disclosed herein.
  • one or more applications 1302 can be configured to perform various operations of exemplary methods (e.g., procedures) for detecting operational anomalies in a multi-domain communication network, such as described above in relation to Figure 9.
  • Hardware 1304 includes processing circuitry, memory that stores software and/or instructions (collectively denoted computer program 1304a, which may be in the form of a computer program product) executable by hardware processing circuitry, and/or other hardware devices as described herein, such as a network interface, input/output interface, and so forth.
  • Software may be executed by the processing circuitry to instantiate one or more virtualization layers 1306 (also referred to as hypervisors or virtual machine monitors (VMMs)), provide VMs 1308a-b (one or more of which may be generally referred to as VMs 1308), and/or perform any of the functions, features and/or benefits described in relation with some embodiments described herein.
  • the virtualization layer 1306 may present a virtual operating platform that appears like networking hardware to the VMs 1308.
  • VMs 1308 comprise virtual processing, virtual memory, virtual networking or interface and virtual storage, and may be run by a corresponding virtualization layer 1306.
  • VMs 1308 may be implemented on one or more of VMs 1308, and the implementations may be made in different ways.
  • Virtualization of the hardware is in some contexts referred to as network function virtualization (NFV). NFV may be used to consolidate many network equipment types onto industry standard high volume server hardware, physical switches, and physical storage, which can be located in data centers, and customer premise equipment.
  • NFV network function virtualization
  • each VM 1308 may be a software implementation of a physical machine that runs programs as if they were executing on a physical, non-virtualized machine.
  • Each VM 1308, and that part of hardware 1304 that executes that VM be it hardware dedicated to that VM and/or hardware shared by that VM with others of the VMs, forms separate virtual network elements.
  • a virtual network function is responsible for handling specific network functions that run in one or more VMs 1308 on top of hardware 1304 and corresponds to application 1302.
  • Hardware 1304 may be implemented in a standalone network node with generic or specific components. Hardware 1304 may implement some functions via virtualization. Alternatively, hardware 1304 may be part of a larger cluster of hardware (e.g., such as in a data center or CPE) where many hardware nodes work together and are managed via management and orchestration 1310, which, among others, oversees lifecycle management of applications 1302.
  • hardware 1304 is coupled to one or more radio units that each include one or more transmitters and one or more receivers that may be coupled to one or more antennas. Radio units may communicate directly with other hardware nodes via one or more appropriate network interfaces and may be used in combination with the virtual components to provide a virtual node with radio capabilities, such as a radio access node or a base station.
  • some signaling can be provided with the use of a control system 1312 which may alternatively be used for communication between hardware nodes and radio units.
  • the term unit can have conventional meaning in the field of electronics, electrical devices and/or electronic devices and can include, for example, electrical and/or electronic circuitry, devices, modules, processors, memories, logic solid state and/or discrete devices, computer programs or instructions for carrying out respective tasks, procedures, computations, outputs, and/or displaying functions, and so on, as such as those that are described herein.
  • any appropriate steps, methods, features, functions, or benefits disclosed herein may be performed through one or more functional units or modules of one or more virtual apparatuses.
  • Each virtual apparatus may comprise a number of these functional units.
  • These functional units may be implemented via processing circuitry, which may include one or more microprocessor or microcontrollers, as well as other digital hardware, which may include Digital Signal Processor (DSPs), special-purpose digital logic, and the like.
  • the processing circuitry may be configured to execute program code stored in memory, which may include one or several types of memory such as Read Only Memory (ROM), Random Access Memory (RAM), cache memory, flash memory devices, optical storage devices, etc.
  • Program code stored in memory includes program instructions for executing one or more telecommunications and/or data communications protocols as well as instructions for carrying out one or more of the techniques described herein.
  • the processing circuitry may be used to cause the respective functional unit to perform corresponding functions according to one or more embodiments of the present disclosure.
  • device and/or apparatus can be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of a device or apparatus, instead of being hardware implemented, be implemented as a software module such as a computer program or a computer program product comprising executable software code portions for execution or being run on a processor.
  • functionality of a device or apparatus can be implemented by any combination of hardware and software.
  • a device or apparatus can also be regarded as an assembly of multiple devices and/or apparatuses, whether functionally in cooperation with or independently of each other.
  • devices and apparatuses can be implemented in a distributed fashion throughout a system, so long as the functionality of the device or apparatus is preserved. Such and similar principles are considered as known to a skilled person.
  • Embodiments also include, but are not limited to, the following enumerated examples.
  • a computer-implemented method for detecting operational anomalies in a multi-domain communication network comprising: obtaining a plurality of fault markers associated with respective faults that occurred in the communication network, wherein each fault marker includes a plurality of data values collected from the multiple domains of the communication network; identifying a plurality of patterns of data values that occur in the fault markers with at least a threshold frequency; for each of the identified patterns, determining a proportion in which the pattern appears in each of the other identified patterns; based on the occurrence frequencies and the respective proportions, determining one or more anomaly candidates among the identified patterns; detecting one or more operational anomalies in the communication network based on correspondence between the occurrence frequency of each anomaly candidate and the following: a historical occurrence frequency of the pattern of data values associated with the anomaly candidate, and occurrence frequencies of neighbors to the pattern of data values associated with the anomaly candidate.
  • identifying the plurality of patterns of data values that occur in the fault markers with at least a threshold frequency comprises: determining occurrence frequencies of each pattern of data values that appears in the fault markers, and comparing each determined occurrence frequency to the threshold frequency.
  • determining one or more anomaly candidates among the identified patterns based on the occurrence frequencies and the respective proportions comprises: determining a number of occurrences for each identified pattern based on the occurrence frequency and respective proportions for the pattern; and identifying, as anomaly candidates, the patterns having non-zero numbers of occurrences.
  • determining one or more anomaly candidates among the identified patterns based on the occurrence frequencies and the respective proportions further comprises identifying, as side effects, the patterns having zero numbers of occurrences.
  • A5. The method of any of embodiments A3-A4, wherein determining a number of occurrences for each identified pattern based on the occurrence frequency and respective proportions for the pattern comprises solving a set of linear equations in which the proportions are coefficients for the numbers of occurrences of the respective patterns, which are unknown.
  • each fault marker includes a plurality of different data elements collected from the multiple domains of the communication network, with each data element containing one of the data values.
  • A8 The method of any of embodiments A6-A7, wherein the data elements comprising each fault marker include data values for at least two of the following associated with the corresponding fault: fault identifier or index, fault condition or type, a time at which the fault occurred, identifier of an involved UE, vendor of the involved UE, operating system of the involved UE, carrier frequency on which the fault occurred, radio access technology (RAT) on which the fault occurred, identifier of a cell in which the fault occurred, identifier of a radio access network (RAN) node associated with the fault, vendor of the RAN node, identifier of a core network (CN) node or function associated with the fault, and vendor of the CN node or function.
  • RAT radio access technology
  • each detected operational anomaly is an anomaly candidate whose occurrence frequency deviated by more than a threshold from one or more of the following: the historical occurrence frequency of the pattern of data values associated with the anomaly candidate, and occurrence frequencies of neighbors to the pattern of data values associated with the anomaly candidate.
  • A10 The method of any of embodiments A1-A9, further comprising, before identifying the plurality of patterns, performing prefiltering on the obtained fault markers to remove any fault markers that have format and/or content that is irregular or unexpected.
  • Al l The method of any of embodiments A1-A10, wherein the plurality of data values included in each fault marker comprise one of the following: an end-to-end correlated record, or a plurality of performance management (PM) counter values.
  • PM performance management
  • A12 The method of any of embodiments Al-Al l, wherein the plurality of fault markers are obtained in a batch from a database, and the method is repeated for subsequent batches of fault markers obtained from the database.
  • the multiple domains include at least two of the following domains: a user equipment (UE) domain; a radio access network (RAN) domain; a core network (CN) domain; and an IP multimedia system (IMS) domain; and each fault marker include data values obtained from the at least two domains.
  • UE user equipment
  • RAN radio access network
  • CN core network
  • IMS IP multimedia system
  • the RAN domain comprises an Open RAN (O-RAN) architecture; and the method is performed at least partially by an O-RAN non-real-time RAN intelligent controller (non-RT RIC).
  • O-RAN Open RAN
  • non-RT RIC O-RAN non-real-time RAN intelligent controller
  • a network analytics system configured to detect operational anomalies in a multi-domain communication network, the network analytics system comprising: communication interface circuitry configured to communicate with multiple domains of the communication network; and processing circuitry that is operably coupled to the communication interface circuitry, whereby the processing circuitry and the communication interface circuitry are configured to perform operations corresponding to any of the methods of embodiments Al -A 14.
  • a network analytics system configured to detect operational anomalies in a multi-domain communication network, the network analytics system being further configured to perform operations corresponding to any of the methods of embodiments A1-A14.
  • a network analytics system configured to detect operational anomalies in a multi-domain communication network, the network analytics system comprising: a filtering subsystem configured to obtain a plurality of fault markers associated with respective faults that occurred in the communication network, wherein each fault marker includes a plurality of data values collected from the multiple domains of the communication network; a frequent pattern mining subsystem configured to identify a plurality of patterns of data values that occur in the fault markers with at least a threshold frequency; a targeted aggregation subsystem configured to determine, for each of the identified patterns, a proportion in which the pattern appears in each of the other identified patterns; a side-effect removal subsystem configured to determine, based on the occurrence frequencies and the respective proportions, one or more anomaly candidates among the identified patterns; and a spatio-temporal anomaly detection subsystem configured to detect one or more operational anomalies in the communication network based on correspondence between the occurrence frequency of each anomaly candidate and the following: a historical occurrence frequency of the pattern of data values associated with the anomaly candidate, and occurrence frequencies of neighbors to
  • the network analytics system of claim B3 being further configured to perform operations corresponding to any of the methods of embodiments A2-A14.
  • a non-transitory, computer-readable medium storing computer-executable instructions that, when executed by processing circuitry, configure a network analytics system to detect operational anomalies in a multi-domain communication network based on performing operations corresponding to any of the methods of embodiments A1-A14.
  • a computer program product comprising computer-executable instructions that, when executed by processing circuitry, configure a network analytics system to detect operational anomalies in a multi-domain communication network based on performing operations corresponding to any of the methods of embodiments A1-A14.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Les modes de réalisation de l'invention comprennent des procédés pour détecter des anomalies de fonctionnement dans un réseau de communication multidomaine. De tels procédés consistent à : obtenir des marqueurs d'anomalie associés à des anomalies respectives qui se sont produites dans le réseau de communication, chaque marqueur d'anomalie comprenant des valeurs de données collectées provenant des multiples domaines du réseau de communication ; identifier des motifs de valeurs de données qui se produisent dans les marqueurs d'anomalie à l'aide de fréquences d'occurrence respectives qui sont au moins une fréquence seuil et, pour chacun des motifs identifiés, déterminer des proportions respectives dans lesquelles le motif identifié apparaît dans les autres motifs identifiés ; déterminer une ou plusieurs anomalies candidates parmi les motifs identifiés, sur la base de la fréquence d'occurrence et des proportions déterminées pour chaque motif identifié ; détecter une ou plusieurs anomalies de fonctionnement dans le réseau de communication sur la base d'une correspondance entre la fréquence d'occurrence, une fréquence d'occurrence historique et des fréquences d'occurrence de voisins de chaque anomalie candidate.
EP24701746.0A 2023-01-25 2024-01-17 Détection et isolement d'anomalies dans des réseaux de communication multidomaine sur la base de motifs fréquents Pending EP4655926A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202363440937P 2023-01-25 2023-01-25
PCT/IB2024/050462 WO2024157120A1 (fr) 2023-01-25 2024-01-17 Détection et isolement d'anomalies dans des réseaux de communication multidomaine sur la base de motifs fréquents

Publications (1)

Publication Number Publication Date
EP4655926A1 true EP4655926A1 (fr) 2025-12-03

Family

ID=89707899

Family Applications (1)

Application Number Title Priority Date Filing Date
EP24701746.0A Pending EP4655926A1 (fr) 2023-01-25 2024-01-17 Détection et isolement d'anomalies dans des réseaux de communication multidomaine sur la base de motifs fréquents

Country Status (2)

Country Link
EP (1) EP4655926A1 (fr)
WO (1) WO2024157120A1 (fr)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7460498B2 (en) 2003-12-04 2008-12-02 Adtran, Inc. System and method for detecting anomalies along telecommunication lines
FR2932639B1 (fr) 2008-06-12 2010-08-20 Alcatel Lucent Detection d'anomalie de trafic emis par un terminal mobile dans un reseau de radiocommunication
CN105577403A (zh) * 2014-10-14 2016-05-11 中兴通讯股份有限公司 基于频繁路径的告警相关性数据挖掘方法和装置
EP3635932B1 (fr) 2017-06-09 2023-03-29 British Telecommunications public limited company Détection d'anomalie améliorée dans des réseaux informatiques
US11811801B2 (en) 2019-08-21 2023-11-07 Nokia Solutions And Networks Oy Anomaly detection for microservices

Also Published As

Publication number Publication date
WO2024157120A1 (fr) 2024-08-02

Similar Documents

Publication Publication Date Title
US12592862B2 (en) Machine learning (ML) model management in 5G core network
US20240356815A1 (en) Machine Learning (ML) Model Retraining in 5G Core Network
US10375617B2 (en) Mobile application testing engine
EP4588222A1 (fr) Détection et isolation d'anomalies opérationnelles dans des réseaux de communication multi-domaines
US20250211967A1 (en) Methods for exposure of data/analytics of a communication network in roaming scenario
US10721707B2 (en) Characterization of a geographical location in a wireless network
EP4483613A1 (fr) Optimisation de trafic sensible à l'encombrement dans des réseaux de communication
WO2024074881A1 (fr) Procédé et système de sélection de caractéristiques pour prédire des performances d'application
US20250184233A1 (en) Registration of machine learning (ml) model drift monitoring
EP4695736A1 (fr) Prise de décision basée sur des interdépendances entre différents niveaux liés à une anomalie dans un réseau de communication
CN115866634A (zh) 一种网络性能异常分析方法、装置及可读存储介质
US20250286796A1 (en) Enhanced reporting of quality-of-experience (qoe) measurements
US20250016072A1 (en) Detecting network function capacity deviations in 5g networks
WO2024038300A1 (fr) Apprentissage automatisé de modèles de qualité de service
WO2024023555A1 (fr) Gestion de ressources de réseau de communication par session d'utilisateur sur la base d'une qualité d'expérience d'utilisateur (qoe)
EP4655926A1 (fr) Détection et isolement d'anomalies dans des réseaux de communication multidomaine sur la base de motifs fréquents
US20260106799A1 (en) Managing service-level energy efficiency in a communication network
Algar et al. A quality of experience management framework for mobile users
US20240357380A1 (en) Managing decentralized autoencoder for detection or prediction of a minority class from an imbalanced dataset
EP4623565A1 (fr) Analyse de réseau de communication
WO2025115024A1 (fr) Synthèse de données en série chronologique représentatives d'un réseau de communication
WO2025219747A1 (fr) Génération d'analyse de réseau à l'aide de modèles génériques associés à une grappe
WO2025078859A1 (fr) Découpage en tranches de réseau sur la base de la qualité de service d'utilisateur final
WO2025181520A1 (fr) Augmentation de données d'entraînement
Hernández et al. Beyond NWDAF Services for Comprehensive 5G Network Analytics and Orchestration

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20250805

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)