System and Method For Detection of Aberrant Network Behavior By Clients of a Network Access Gateway
First Claim
1. A system for detecting aberrant network behavior by clients of a network access gateway, comprising:
- a processor;
a first network interface coupled to the processor;
a second network interface coupled to the processor;
a storage media accessible by the processor;
a set of computer instructions executable by the processor to;
observe a network communication received at the first network interface;
determine if the network communication is aberrant; and
if the network communication is determined to be aberrant, record the event to storage and perform notifications to a registered entity.
7 Assignments
0 Petitions
Accused Products
Abstract
A system and method for detecting aberrant network behavior. One embodiment provides a system of detecting aberrant network behavior behind a network access gateway comprising a processor, a first network interface coupled to the processor, a second network interface coupled to the processor, a storage media accessible by the processor and a set of computer instructions executable by the processor. The computer instructions can be executable to observe network communications arriving at the first network interface from multiple clients and determine when the traffic of a particular client is indicative of malware infection or other hostile network activity. If the suspicious network communication is determined to be of a sufficient volume, type, or duration the computer instructions can be executable to log such activity to storage media, or to notify an administrative entity via either the first network interface or second network interface, or to make the computer instructions be executable to perform other configured actions related to the functioning of the network access gateway.
-
Citations
8 Claims
-
1. A system for detecting aberrant network behavior by clients of a network access gateway, comprising:
-
a processor; a first network interface coupled to the processor; a second network interface coupled to the processor; a storage media accessible by the processor; a set of computer instructions executable by the processor to; observe a network communication received at the first network interface; determine if the network communication is aberrant; and if the network communication is determined to be aberrant, record the event to storage and perform notifications to a registered entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification