Methods, media, and systems for securing communications between a first node and a second node
First Claim
Patent Images
1. A method for securing communications between a first node and a second node, comprising:
- receiving via a network interface at least one model of behavior of the second node at least one hardware processor of the first node, which the at least one model of behavior of the second node was generated by a node other than the first node and which at least one model of behavior of the second node represents a payload profile of normal traffic of the second node;
determining, using the at least one hardware processor of the first node, how similar are the at least one model of behavior of the second node and at least one model of behavior of the first node, which at least one model of behavior of the first node represents a payload profile of normal traffic of the first node; and
checking whether a distance between input traffic from the second node and one of at least one model of behavior of the first node is below a first threshold.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods, media, and systems for securing communications between a first node and a second node are provided. In some embodiments, methods for securing communication between a first node and a second node are provided. The methods comprising: receiving at least one model of behavior of the second node at the first node; and authorizing the first node to receive traffic from the second node based on the difference between the at least one model of behavior of the second node and at least one model of behavior of the first node.
86 Citations
18 Claims
-
1. A method for securing communications between a first node and a second node, comprising:
-
receiving via a network interface at least one model of behavior of the second node at least one hardware processor of the first node, which the at least one model of behavior of the second node was generated by a node other than the first node and which at least one model of behavior of the second node represents a payload profile of normal traffic of the second node; determining, using the at least one hardware processor of the first node, how similar are the at least one model of behavior of the second node and at least one model of behavior of the first node, which at least one model of behavior of the first node represents a payload profile of normal traffic of the first node; and checking whether a distance between input traffic from the second node and one of at least one model of behavior of the first node is below a first threshold. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A device that secures communications between a first node and a second node, comprising:
-
an interface in communication with a network; a memory; and a processor in communication with the memory and the interface;
wherein the processor;receives via a network interface at least one model of behavior of the second node, which the at least one model of behavior of the second node was generated by a node other than the first node and which at least one model of behavior of the second node represents a payload profile of normal traffic of the second node; determines how similar are the at least one model of behavior of the second node and at least one model of behavior of the first node, which at least one model of behavior of the first node represents a payload profile of normal traffic of the first node; and checks whether a distance between input traffic from the second. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable medium containing computer executable instructions that, when executed by a processor of a first node, cause the processor to perform a method for securing communications between the first node and a second node, comprising:
-
receiving, via a network interface at least one model of behavior of the second node, which the at least one mode of behavior of the second node was generated by a node other than the first node and which at least one model of behavior of the second node represents a payload profile of normal traffic of the second node; determining how similar are the at least one model of behavior of the second node and at least one model of behavior of the first node, which at least one model of behavior of the first node represents a payload profile of normal traffic of the first node; and
checking whether a distance between input traffic from the second node and one of the at least one model of behavior of the first node is below a first threshold. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification