Method of Detecting Anomalous Behaviour in a Computer Network
Abstract
Method of detecting anomalous behaviour in a computer network comprising the steps of:
- monitoring network traffic flowing in a computer network system,
- authenticating users to which network packets of the network traffic are associated,
- extracting parameters associated to the network packets for each user, said parameters including at least the type (T) of network services,
- forming symbols based on a combination of one or more of said parameters, and
- modelling and analysing individual user behaviour based on sequences of occurrence of said symbols (S).
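The steps of the abstract, sketched as an added example (not code from the patent or its assignee). The page does not say which model is used: the first-order transition model with Laplace smoothing, the hypothetical `zone` parameter, the alphabet size and the threshold are assumptions, and the traffic records are constructed.

```python
import math
from collections import defaultdict

# Constructed records: (authenticated user, service type T, destination zone).
# "zone" is a hypothetical second parameter used to form combined symbols.
TRAINING = [
    ("alice", "dns", "int"), ("alice", "http", "ext"), ("alice", "http", "ext"),
    ("alice", "smtp", "int"), ("alice", "dns", "int"), ("alice", "http", "ext"),
    ("alice", "smtp", "int"), ("alice", "dns", "int"), ("alice", "http", "ext"),
    ("bob", "ssh", "int"), ("bob", "ssh", "int"), ("bob", "dns", "int"),
]

def to_symbol(service, zone):
    """Form one symbol S from a combination of packet parameters."""
    return f"{service}/{zone}"

def train(records):
    """Count, per user, how often one symbol follows another."""
    models = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    prev = {}
    for user, service, zone in records:
        sym = to_symbol(service, zone)
        if user in prev:
            models[user][prev[user]][sym] += 1
        prev[user] = sym
    return models

def score(models, user, symbols, alphabet_size=16):
    """Mean negative log-likelihood of a symbol sequence under that user's
    own model; smoothing keeps unseen transitions costly but finite."""
    model, total = models.get(user, {}), 0.0
    for a, b in zip(symbols, symbols[1:]):
        row = model.get(a, {})
        p = (row.get(b, 0) + 1) / (sum(row.values()) + alphabet_size)
        total += -math.log(p)
    return total / max(len(symbols) - 1, 1)

def is_anomalous(models, user, symbols, threshold=2.5):
    """Flag a sequence whose score exceeds the (assumed) threshold."""
    return score(models, user, symbols) > threshold

MODELS = train(TRAINING)
USUAL = ["dns/int", "http/ext", "smtp/int", "dns/int"]
ODD = ["dns/int", "ssh/ext", "ssh/ext", "ftp/ext"]
BOB_SSH = ["ssh/int", "ssh/int", "dns/int"]
```

The same `BOB_SSH` sequence scores as normal for bob and anomalous for alice, which is why the symbols are attributed to an authenticated user before modelling.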
240 Citations
26 Claims
- 1. Method of authenticating a user in a computer network in which network packets are transmitted, using an authentication module, including the steps of receiving kernel events requesting a connection, modifying the kernel events, transmitting the modified kernel events to a kernel of the operating system, generating connection and authentication information in the kernel, and sending authentication packets with the authentication information and connection request packets.
- 9. Method of detecting anomalous behaviour in a computer network comprising the steps of: monitoring network traffic flowing in a computer network system, authenticating users to which network packets of the network traffic are associated, extracting parameters associated to the network packets for each user, said parameters including at least the type (T) of network services, forming symbols based on a combination of one or more of said parameters, and modelling and analysing individual user behaviour based on sequences of occurrence of said symbols (S). Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21.
Specification