System and method for traffic analysis
Abstract
The present invention provides a system and method for traffic analysis. Embodiments can be used to detect malevolent network activity such as worms, viruses, denial of service attacks, and unauthorized network routing. Upon detecting the activity, steps can then be taken to halt the spread and/or remove the malevolent network activity, thereby adding protection from such activity to the network. Other network activity of interest can also be detected.
58 Claims
1. A system for analyzing network traffic comprising:
- a plurality of subscriber units and a default router interconnected by a network, said network operable to direct routed traffic to an appropriate subscriber unit and further operable to direct unrouted traffic to said default router default route generator; and
- an analyzer connected to said default router for determining patterns of activity within said unrouted traffic.

18. A traffic analyzer comprising:
- an interface for connecting to a network, said network operable to interconnect a plurality of subscriber units, said network further operable to direct routed traffic to an appropriate subscriber unit and further operable to direct unrouted traffic to said interface; and
- a processing means connected to said interface, said processing means operable to determine patterns of activity within said unrouted traffic.

34. A default router for connecting to a network that interconnects a plurality of subscriber units;
- said network operable to direct routed traffic in said network to an appropriate subscriber unit;
- said default router operable to instruct said network to direct unrouted traffic to said default route generator.

36. A network routing table for use in association with a network that interconnects a plurality of subscriber units;
- said network operable to access said network routing table to direct routed traffic in said network to an appropriate subscriber unit;
- said network further operable to access said network routing table to direct unrouted traffic in said network to a traffic analyzer.

37. A method of analyzing traffic in a network comprising the steps of:
- receiving traffic from at least one of a plurality of subscriber units interconnected by said network;
- delivering said traffic to a destination subscriber unit if said traffic is routed;
- analyzing said traffic for patterns of activity in said traffic if said traffic is unrouted.

55. A system comprising:
- means for receiving network traffic from at least one subscriber unit coupled to a network; and
- means for detecting an infection problem on said subscriber unit with use of said received network traffic.

57. A system for analyzing network traffic comprising:
- a network;
- a plurality of subscriber units connected to said network;
- a default router connected to said network;
- a network router for directing traffic that is;
  - addressed to one of said subscriber units to a corresponding said subscriber unit; and
  - unaddressed to any said subscriber unit to said default route generator;
- an analyzer connected to said default router for determining patterns of activity within traffic directed to said default route generator.

58. A method of analyzing traffic comprising the steps of:
- receiving unrouted network traffic originating from at least one of a plurality of subscriber units; and
- analyzing said traffic for patterns of activity in said traffic.

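The routed/unrouted split recited in claims 37 and 58, sketched as an added example that is not part of the patent text: traffic with a matching route is delivered to its subscriber, and everything else falls through to an analyzer. The prefixes, the sample packets, and the use of a distinct-destination count as the "pattern of activity" are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed routing table: prefixes that belong to subscriber units.
SUBSCRIBER_ROUTES = {
    ipaddress.ip_network("10.1.0.0/24"): "subscriber-A",
    ipaddress.ip_network("10.2.0.0/24"): "subscriber-B",
}
ANALYZER = "analyzer"   # stands in for the target of the default route
SCAN_THRESHOLD = 5      # assumed: distinct unrouted destinations per source


def next_hop(dst):
    """Longest-prefix match; a destination with no route goes to the analyzer."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in SUBSCRIBER_ROUTES if addr in net]
    if not matches:
        return ANALYZER
    return SUBSCRIBER_ROUTES[max(matches, key=lambda net: net.prefixlen)]


def analyze(packets, threshold=SCAN_THRESHOLD):
    """Return {source: unrouted destinations} for sources at or over threshold."""
    unrouted = defaultdict(set)
    for src, dst in packets:
        if next_hop(dst) == ANALYZER:   # routed traffic is delivered, not analyzed
            unrouted[src].add(dst)
    return {s: sorted(d) for s, d in unrouted.items() if len(d) >= threshold}


# Constructed traffic: 10.1.0.7 behaves normally apart from one stray packet,
# while 10.2.0.9 sweeps address space that no subscriber owns.
SAMPLE = [("10.1.0.7", "10.2.0.9"), ("10.1.0.7", "10.9.9.9")]
SAMPLE += [("10.2.0.9", f"10.77.0.{i}") for i in range(1, 9)]
SAMPLE += [("10.2.0.9", "10.1.0.7")]

if __name__ == "__main__":
    for src, dsts in analyze(SAMPLE).items():
        print(f"{src}: {len(dsts)} unrouted destinations, first {dsts[0]}")
```

A single stray packet to unallocated space stays under the threshold, so only the sweeping source is reported.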
Specification