Network surveillance
Abstract
A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
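
The long-term versus short-term comparison described in the abstract, as an added example that is not taken from the patent. It assumes exponentially aged category counts as the profile, connection outcomes as the measure, and total variation distance against a fixed threshold as the comparison; all names, decay factors and sample events are constructed.

```python
from collections import defaultdict

class Profile:
    """Exponentially aged histogram over the categories of one measure."""
    def __init__(self, decay):
        self.decay = decay                  # aging factor per observation (assumed)
        self.counts = defaultdict(float)

    def update(self, category):
        for key in self.counts:             # age old observations first
            self.counts[key] *= self.decay
        self.counts[category] += 1.0

    def distribution(self):
        total = sum(self.counts.values())
        return {k: v / total for k, v in self.counts.items()} if total else {}

def divergence(short, long_term):
    """Total variation distance: 0 = identical profiles, 1 = disjoint."""
    p, q = short.distribution(), long_term.distribution()
    return 0.5 * sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in set(p) | set(q))

def monitor(events, threshold=0.4, warmup=50):
    """Return (index, score) for each event where the profiles diverge."""
    long_term, short_term = Profile(0.999), Profile(0.9)
    alerts = []
    for i, outcome in enumerate(events):
        short_term.update(outcome)
        score = divergence(short_term, long_term)
        # Skip alerting until the long-term profile has a usable baseline.
        if i >= warmup and score > threshold:
            alerts.append((i, round(score, 3)))
        # Update the baseline after scoring so the event under test
        # is compared against history that does not yet include it.
        long_term.update(outcome)
    return alerts

# Constructed sample: 200 connection outcomes at a steady 5% reset rate,
# followed by a burst of refused connections.
BASELINE = (["ok"] * 19 + ["reset"]) * 10
BURST = ["refused"] * 30

if __name__ == "__main__":
    for index, score in monitor(BASELINE + BURST):
        print(f"event {index}: divergence {score}")
```
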
20 Claims
1. Method for performing network surveillance, said method comprising the steps of:
- receiving a plurality of network packets handled by a network entity;
- building at least one statistical profile from at least one measure of said plurality of network packets; and
- analyzing said at least one statistical profile to detect suspicious network activity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform the steps comprising of:
- receiving a plurality of network packets handled by a network entity;
- building at least one statistical profile from at least one measure of said plurality of network packets; and
- analyzing said at least one statistical profile to detect suspicious network activity.
20. Apparatus for performing network surveillance, said apparatus comprising:
- means for receiving a plurality of network packets handled by a network entity;
- means for building at least one statistical profile from at least one measure of said plurality of network packets; and
- means for analyzing said at least one statistical profile to detect suspicious network activity.
Specification