Methods and systems for detecting abnormal digital traffic
Abstract
Embodiments encompassing methods and systems for detecting abnormal digital traffic are disclosed. The method comprises the steps of assigning characterizations of network behaviors according to knowledge nodes and calculating a confidence value based on the characterizations from at least one knowledge node and on weighting factors associated with the knowledge nodes. The knowledge nodes comprise a characterization model based on prior network information. At least one of the knowledge nodes should not be based on fixed thresholds or signatures. The confidence value comprises a quantification of the degree of confidence that the network behaviors constitute abnormal network traffic. The system comprises sensors to detect network events, a program on a computer-readable medium, and a processing device to execute the program, wherein a network behavior comprises at least one network event. The program comprises at least one knowledge node to assign characterizations of network behaviors and at least one hypothesis node to calculate a confidence value based on the characterizations from at least one knowledge node.
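An illustrative sketch of the arrangement described in the abstract, added here and not taken from the patent: two knowledge nodes whose characterization models are learned from prior traffic rather than fixed thresholds, feeding one hypothesis node that applies weighting factors. The class names, the scoring models, the weighted-mean combination rule, the weights and the sample data are all assumptions made for this example.

```python
import math
from collections import Counter

# Constructed "prior network information" for one host (not real data).
PRIOR_RATES = [10, 12, 9, 11, 13, 10, 12, 11]   # connections per minute
PRIOR_PORTS = [443] * 6 + [80] * 3 + [53]       # destination ports seen

class RateNode:
    """Knowledge node: connection rate scored against a learned baseline."""
    def __init__(self, prior_rates):
        self.mean = sum(prior_rates) / len(prior_rates)
        var = sum((r - self.mean) ** 2 for r in prior_rates) / len(prior_rates)
        self.std = math.sqrt(var) or 1.0  # avoid division by zero on flat history

    def characterize(self, behavior):
        z = (behavior["conn_per_min"] - self.mean) / self.std
        # Normal mass within z deviations above the mean: 0 at baseline, -> 1 far above.
        return math.erf(max(z, 0.0) / math.sqrt(2))

class PortRarityNode:
    """Knowledge node: rarity of destination ports relative to prior traffic."""
    def __init__(self, prior_ports):
        self.counts = Counter(prior_ports)
        self.most_common = max(self.counts.values())

    def characterize(self, behavior):
        ports = behavior["dst_ports"]
        # 0 for the most frequently seen port, 1 for a port never seen before.
        rarity = sum(1 - self.counts[p] / self.most_common for p in ports)
        return rarity / max(len(ports), 1)

class HypothesisNode:
    """Combines characterizations using per-node weighting factors."""
    def __init__(self, weighted_nodes):
        self.weighted_nodes = weighted_nodes  # list of (knowledge_node, weight)

    def confidence(self, behavior):
        total = sum(w for _, w in self.weighted_nodes)
        score = sum(w * n.characterize(behavior) for n, w in self.weighted_nodes)
        return score / total  # assumed combination rule: weighted mean in [0, 1]

def build_detector():
    # Weights 0.6 / 0.4 are illustrative assumptions.
    return HypothesisNode([(RateNode(PRIOR_RATES), 0.6),
                           (PortRarityNode(PRIOR_PORTS), 0.4)])

if __name__ == "__main__":
    detector = build_detector()
    usual = {"conn_per_min": 11, "dst_ports": [443, 80]}
    unusual = {"conn_per_min": 40, "dst_ports": [22, 23, 3389, 445]}
    print(round(detector.confidence(usual), 3), round(detector.confidence(unusual), 3))
```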
22 Claims
1. A method for detecting abnormal network traffic comprising:
- assigning characterizations of network behaviors according to knowledge nodes, said knowledge nodes comprising a characterization model based on prior network information, wherein at least one knowledge node is not based on fixed thresholds or signatures; and
- calculating a confidence value based on the characterizations from at least one knowledge node and on weighting factors associated with the knowledge nodes, wherein the confidence value comprises a quantification of the degree of confidence that the network behaviors constitute abnormal network traffic.
16. A system for detecting abnormal traffic comprising:
a. sensors to detect network events, wherein a network behavior comprises at least one network event;
b. a program on a computer-readable medium, wherein the program comprises:
   i. at least one knowledge node to assign characterizations of network behaviors, each knowledge node comprising a characterization model based on prior network information, wherein at least one of the knowledge nodes is not based on fixed thresholds or signatures;
   ii. at least one hypothesis node to calculate a confidence value based on the characterizations from at least one knowledge node, each hypothesis node comprising a weighting factor for associated knowledge nodes, wherein the confidence value comprises a quantification of the degree of confidence that the network behaviors constitute abnormal network traffic; and
c. a processing device to execute the program.
Specification