Methods for identifying self-replicating threats using historical data
First Claim
1. A computer-implemented method of ascertaining an infected node in a network of nodes, comprising:
providing a repository for storing network flow data among at least a plurality of said nodes, said repository being operatively coupled to said network to permit said repository to acquire said network flow data;
storing at said repository first network flow data among said at least a plurality of nodes, said first network flow data including a plurality of source addresses and corresponding destination addresses for a plurality of data flows; and
analyzing said first network flow data at said repository to ascertain communication abnormalities that indicate whether any of said plurality of nodes is infected.
Abstract
A computer-implemented method of ascertaining an infected node in a network of nodes. The computer-implemented method includes providing a repository for storing network flow data among at least a plurality of the nodes. The repository is operatively coupled to the network to permit the repository to acquire the network flow data. The computer-implemented method also includes storing at the repository first network flow data among the at least a plurality of nodes. The first network flow data includes a plurality of source addresses and corresponding destination addresses for a plurality of data flows. The computer-implemented method further includes analyzing the first network flow data at the repository to ascertain communication abnormalities that indicate whether any of the plurality of nodes is infected.
28 Claims
1. A computer-implemented method of ascertaining an infected node in a network of nodes, comprising:
providing a repository for storing network flow data among at least a plurality of said nodes, said repository being operatively coupled to said network to permit said repository to acquire said network flow data;
storing at said repository first network flow data among said at least a plurality of nodes, said first network flow data including a plurality of source addresses and corresponding destination addresses for a plurality of data flows; and
analyzing said first network flow data at said repository to ascertain communication abnormalities that indicate whether any of said plurality of nodes is infected.
Dependent claims: 2-16.
17. An article of manufacture comprising a program storage medium having computer readable code embodied therein, said computer readable code being configured to ascertain an infected node in a network of nodes, comprising:
computer readable code for storing at a repository first network flow data among said at least a plurality of nodes, said first network flow data including a plurality of source addresses and corresponding destination addresses for a plurality of data flows; and
computer readable code for analyzing said first network flow data at said repository to ascertain communication abnormalities that indicate whether any of said plurality of nodes is infected.
Dependent claims: 18-23.
24. A network of nodes having threat diagnostic capability for ascertaining an infected node in said network of nodes, comprising:
a repository operatively coupled to said network to permit said repository to acquire said network flow data;
logic circuitry for storing at said repository first network flow data among at least a plurality of nodes of said nodes, said first network flow data including a plurality of source addresses and corresponding destination addresses for a plurality of data flows; and
logic circuitry for analyzing said first network flow data at said repository to ascertain communication abnormalities that indicate whether any of said plurality of nodes is infected.
Dependent claims: 25-28.
Specification