Virtual machine with dynamic data flow analysis
Abstract
A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, and concurrently simulate transmission of the network data to a plurality of destination devices.
675 Citations
27 Claims
1. An unauthorized activity capture system comprising:
- a tap configured to copy network data from a communication network; and
- a controller coupled to the tap and configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, and concurrently simulate transmission of the network data to a plurality of destination devices.

Dependent claims: 2, 3, 4

5. An unauthorized activity capture system comprising:
- a tap configured to copy network data from a communication network; and
- a controller configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic, retrieve a plurality of virtual machines, configure a first replayer to concurrently replicate the network data to the plurality of virtual machines, and analyze a first response by any of the plurality of virtual machines to identify unauthorized activity.

Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13

14. An unauthorized activity capture method comprising:
- copying network data from a communication network;
- analyzing the copied network data with a heuristic to determine if the network data is suspicious; and
- concurrently orchestrating the transmission of the network data to a plurality of destination devices to identify unauthorized activity.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23

24. A computer readable medium comprising:
- computer readable code configured to direct a processor to copy network data from a communication network, analyze the copied network data with a heuristic to determine if the network data is suspicious, and concurrently orchestrate transmission of the network data to a plurality of destination device to identify unauthorized activity.

Dependent claims: 25, 26, 27
Specification