Network traffic analysis for malware detection and performance reporting

  • US 10,440,049 B2
  • Filed: 01/19/2017
  • Issued: 10/08/2019
  • Est. Priority Date: 01/19/2017
  • Status: Active Grant
First Claim

1. A method, comprising:

    receiving, by a computer system from an endpoint agent corresponding to a first endpoint node on a network, first packet information regarding a first plurality of data packets transmitted by the first endpoint node during a first time period;

    generating, by the computer system, an operating system fingerprint corresponding to a first operating system of the first endpoint node based on the first packet information;

    receiving, by the computer system from a switch agent corresponding to a data switch on the network, second packet information regarding a second plurality of data packets routed through the data switch and transmitted by the first endpoint node during a second time period;

    analyzing, by the computer system, the second packet information with respect to the operating system fingerprint to determine that the second plurality of data packets is associated with a second operating system different from the first operating system;

    based on the analyzing and the second time period occurring within a threshold amount of time from the first time period, determining, by the computer system, that a network discrepancy exists involving the first endpoint node, the network discrepancy being indicated by a change in operating systems in the first endpoint node; and

    creating, by the computer system, reporting information corresponding to the network discrepancy.
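
The comparison in claim 1, sketched as an added example that is not taken from the patent or its assignee. The fingerprint features (initial TTL and TCP window size), the signature table, and all function and field names are assumptions, and the packet records are constructed.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed passive-fingerprint signatures: (initial TTL, TCP SYN window) -> OS.
# Constructed for illustration; the claim does not name the features used.
SIGNATURES = {(64, 29200): "linux", (128, 8192): "windows", (64, 65535): "macos"}

@dataclass
class PacketInfo:
    src: str      # address of the endpoint node that sent the packet
    ts: float     # capture time in seconds
    ttl: int      # TTL as observed at the capture point
    window: int   # TCP window size from the SYN

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value,
    so hops between the endpoint and the switch do not change the result."""
    return next((base for base in (32, 64, 128, 255) if ttl <= base), 255)

def fingerprint(packets):
    """Majority-vote OS label over the packets, or None if nothing matches."""
    votes = Counter(SIGNATURES.get((initial_ttl(p.ttl), p.window)) for p in packets)
    votes.pop(None, None)
    return votes.most_common(1)[0][0] if votes else None

def detect_discrepancy(agent_pkts, switch_pkts, node, threshold_s):
    """Return a report dict when the switch-side view of `node` shows a
    different OS than the endpoint-agent view and the two observation
    periods lie within `threshold_s` seconds of each other; else None."""
    first = [p for p in agent_pkts if p.src == node]
    second = [p for p in switch_pkts if p.src == node]
    os1, os2 = fingerprint(first), fingerprint(second)
    if os1 is None or os2 is None or os1 == os2:
        return None
    t1 = [p.ts for p in first]
    t2 = [p.ts for p in second]
    # Gap between the two time periods; 0 when they overlap.
    gap = max(0.0, min(t2) - max(t1), min(t1) - max(t2))
    if gap > threshold_s:
        return None
    return {"node": node, "first_os": os1, "second_os": os2, "gap_s": gap}

# Constructed sample data: agent reports Linux-like packets, switch sees
# Windows-like packets from the same address 29 seconds later.
AGENT = [PacketInfo("10.0.0.5", 100.0, 64, 29200), PacketInfo("10.0.0.5", 101.0, 64, 29200)]
SWITCH = [PacketInfo("10.0.0.5", 130.0, 127, 8192), PacketInfo("10.0.0.5", 131.0, 127, 8192)]

if __name__ == "__main__":
    print(detect_discrepancy(AGENT, SWITCH, "10.0.0.5", threshold_s=60))
```
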
