Heuristic based capture with replay to virtual machine
Abstract
A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is coupled to the tap and is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to flag the network data as suspicious, and simulate transmission of the network data to a destination device.
26 Claims
1. An unauthorized activity capture system comprising:
- a tap configured to copy network data from a communication network; and
- a controller coupled to the tap and configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to flag the network data as suspicious, and simulate transmission of the network data to a destination device.
Dependent claims: 2, 3, 4, 5, 6
7. An unauthorized activity capture system comprising:
- a tap configured to copy network data from a communication network; and
- a controller configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic, retrieve a virtual machine, configure a replayer to replicate the network data to the virtual machine, and identify unauthorized activity by analyzing a response from the virtual machine to the network data.
Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. An unauthorized activity capture method comprising:
- copying network data from a communication network;
- analyzing the copied network data with a heuristic to flag the network data as suspicious; and
- orchestrating the transmission of the network data to a destination device to identify unauthorized activity.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A computer readable medium comprising:
- computer readable code configured to direct a processor to copy network data from a communication network, analyze the copied network data with a heuristic to flag the network data as suspicious, and orchestrate transmission of the network data to a destination device to identify unauthorized activity.
Dependent claims: 26
Specification