×

NETWORK ACTIVITY ANOMALY DETECTION

  • US 20090180391A1
  • Filed: 01/16/2008
  • Published: 07/16/2009
  • Est. Priority Date: 01/16/2008
  • Status: Abandoned Application
First Claim
Patent Images

1. A method for determining whether anomalous activity exists on a network, comprising:

  • receiving a packet from the network, the packet including one or more fields;

    determining a classification of the packet based on the one or more fields;

    incrementing, based on the classification, a first counter of one or more counters associated with detecting the anomalous activity;

    determining, based on the incrementing, an activity metric associated with the one or more counters wherein the activity metric is anticipated to fall within a threshold; and

    determining whether the anomalous activity exists on the network based on whether the activity metric falls within the threshold.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×