Method of analysing anomalous network traffic

Abstract

A computer-implemented method of analysing anomalous network traffic in a telecommunications network, said telecommunications network comprising a plurality of network entities () and a security analyser (-), wherein the method comprises the steps of: receiving at the security analyser a network communication from a first network entity; identifying the first network entity; by means of the security analyser: analysing the network communication and/or a performance of the first network entity thereby to identify the network communication as an anomalous communication (); in response to identifying the network communication as an anomalous communication, communicating an instruction to the identified first network entity to respond with origin information regarding the anomalous communication, wherein the origin information identifies a preceding network entity from which the anomalous communication was directly received by the first network entity (); and commencing with the preceding network entity, iteratively communicating an instruction to a preceding network entity to respond with origin information for identifying another preceding network entity from which the anomalous communication was directly received until a source network entity from which the anomalous communication originated is identified (; and applying a security policy to the identified source network entity ().