Centralized Analysis and Management of Network Packets
First Claim
1. A computer-readable storage medium having computer-executable instructions stored thereon that, when executed by a computer, cause the computer to:
- store a plurality of packets as identified by a plurality of packet-detecting devices within at least one network;
- define at least one baseline behavior pattern applicable to behavior of the network;
- define at least one threshold applicable to deviation of the behavior of the network from the baseline behavior pattern;
- performing a centralized analysis of the packets to identify at least one deviation in the behavior patterns that exceed the threshold; and
- identify at least one attack against the network, as exhibited by the deviations.
Abstract
This description provides tools and techniques for centralized analysis and management of network packets. These tools may provide methods that include storing network packets as identified by packet-detecting devices within networks. These methods may also define baseline behavior patterns applicable to the network, as well as thresholds applicable to deviations in network behavior, relative to the baseline behavior patterns. These methods may also identify attacks against the network, as exhibited by deviations in the behavior patterns that exceed the threshold.
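The pipeline the abstract describes, as an added illustration that is not code from the patent: packet records identified by several packet-detecting devices land in one central store, a per-source baseline and deviation threshold are derived from earlier time windows, and the analysis window is checked against them. Sensor names, addresses and counts are constructed; the `k`/`floor` threshold rule is an assumption, since the page names no formula.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (sensor, time_window, src_ip). Each sensor sees only its
# own segment; the central store holds all of them, so a rate that stays modest
# on every single sensor can still show up as a network-wide deviation.
RECORDS = (
    [("sensor-A", w, "10.0.0.5") for w in range(4) for _ in range(3)]
    + [("sensor-B", w, "10.0.0.5") for w in range(4) for _ in range(2)]
    + [("sensor-A", w, "10.0.0.9") for w in range(4) for _ in range(4)]
    # analysis window 4: 10.0.0.5 sends 6 packets past each of three sensors
    + [("sensor-A", 4, "10.0.0.5")] * 6 + [("sensor-B", 4, "10.0.0.5")] * 6
    + [("sensor-C", 4, "10.0.0.5")] * 6 + [("sensor-A", 4, "10.0.0.9")] * 4
)

def store_packets(records):
    """Central store: packets per (window, src), summed across all sensors."""
    counts = defaultdict(int)
    for _sensor, window, src in records:
        counts[(window, src)] += 1
    return counts

def define_baseline(counts, baseline_windows):
    """Baseline behavior pattern: per-source mean/stdev of packets per window."""
    per_src = defaultdict(list)
    for (window, src), n in counts.items():
        if window in baseline_windows:
            per_src[src].append(n)
    return {src: (mean(ns), pstdev(ns)) for src, ns in per_src.items()}

def define_threshold(baseline, k=3.0, floor=5):
    """Threshold (assumed rule): mean + k*stdev, but at least `floor` above mean
    so a perfectly steady baseline does not fire on a one-packet change."""
    return {src: max(mu + k * sd, mu + floor) for src, (mu, sd) in baseline.items()}

def centralized_analysis(counts, threshold, window):
    """Deviations: sources whose count in `window` exceeds their threshold.
    A source with no baseline gets threshold 0, i.e. any traffic is a deviation."""
    return {src: (n, threshold.get(src, 0)) for (w, src), n in counts.items()
            if w == window and n > threshold.get(src, 0)}

def identify_attacks(records, baseline_windows, analysis_window):
    """Claim 1 end to end: store, baseline, threshold, analyse, report."""
    counts = store_packets(records)
    threshold = define_threshold(define_baseline(counts, baseline_windows))
    return centralized_analysis(counts, threshold, analysis_window)

if __name__ == "__main__":
    print(identify_attacks(RECORDS, range(4), 4))  # {'10.0.0.5': (18, 10)}
```

Per sensor, 10.0.0.5 rises only from 3 to 6 packets (or 2 to 6); only the summed view crosses the threshold of 10, which is the offloading-and-centralizing point of claim 13.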
20 Claims
13. A centralized packet analysis system for offloading, from a plurality of network elements, overhead associated with analyzing a plurality of identified packets to identify deviations in behavior within at least one network, the system comprising:
- means for receiving the packets as identified by the network elements;
- means for defining at least one baseline behavior pattern applicable to behavior of the network;
- means for defining at least one threshold applicable to deviation of the behavior of the network from the baseline behavior pattern;
- means for performing a centralized analysis of the packets to identify at least one deviation in the behavior patterns that exceed the threshold; and
- means for identifying at least one attack against the network, as exhibited by the deviations.
Dependent claims: 14, 15, 16, 17, 18, 19, 20.