SYSTEM AND PROCESS FOR DETECTING ANOMALOUS NETWORK TRAFFIC
First Claim
1. A process for detecting anomalous network traffic in a communications network, the process including:
- generating reference address distribution data representing a statistical distribution of source addresses of packets received over a first time period, the received packets being considered to represent normal network traffic;
- generating second address distribution data representing a statistical distribution of source addresses of packets received over a second time period; and
- determining whether the packets received over the second time period represent normal network traffic on the basis of a comparison of the second address distribution data and the reference address distribution data.
Abstract
A process for detecting anomalous network traffic in a communications network, the process including: generating reference address distribution data representing a statistical distribution of source addresses of packets received over a first time period, the received packets being considered to represent normal network traffic; generating second address distribution data representing a statistical distribution of source addresses of packets received over a second time period; and determining whether the packets received over the second time period represent normal network traffic on the basis of a comparison of the second address distribution data and the reference address distribution data.
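The comparison described in the abstract, as an added example that is not part of the patent text. The page names no binning scheme, comparison metric or threshold, so the /16 prefix binning, the Jensen-Shannon divergence, the 0.2 threshold and the sample addresses are all assumptions made for illustration.

```python
import math
from collections import Counter
from ipaddress import ip_address

PREFIX_BITS = 16     # assumption: bin IPv4 source addresses by /16 prefix
JS_THRESHOLD = 0.2   # assumption: divergence (bits, range 0..1) above which a window is flagged

def address_distribution(sources, prefix_bits=PREFIX_BITS):
    """Return {prefix: probability} for the source addresses seen in one time period."""
    counts = Counter(int(ip_address(s)) >> (32 - prefix_bits) for s in sources)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("no packets in window")
    return {prefix: n / total for prefix, n in counts.items()}

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: symmetric, bounded, defined even for disjoint supports."""
    keys = set(p) | set(q)
    m = {k: 0.5 * (p.get(k, 0.0) + q.get(k, 0.0)) for k in keys}
    def kl(a):
        return sum(pa * math.log2(pa / m[k]) for k, pa in a.items())
    return 0.5 * kl(p) + 0.5 * kl(q)

def is_normal(reference, window_sources, threshold=JS_THRESHOLD):
    """Compare a second-period window against the reference distribution."""
    score = js_divergence(reference, address_distribution(window_sources))
    return score <= threshold, score

# Constructed sample data (documentation and private ranges, not real traffic).
REFERENCE_SOURCES = ["192.0.2.10"] * 60 + ["198.51.100.7"] * 30 + ["203.0.113.5"] * 10
NORMAL_WINDOW = ["192.0.2.44"] * 55 + ["198.51.100.9"] * 33 + ["203.0.113.8"] * 12
# Sources scattered over 190 previously unseen prefixes, as with randomised source addresses.
ANOMALOUS_WINDOW = ["192.0.2.44"] * 10 + [f"10.{i}.0.1" for i in range(190)]

REFERENCE = address_distribution(REFERENCE_SOURCES)

if __name__ == "__main__":
    for name, window in (("normal", NORMAL_WINDOW), ("anomalous", ANOMALOUS_WINDOW)):
        ok, score = is_normal(REFERENCE, window)
        print(f"{name}: JS divergence={score:.3f} normal={ok}")
```
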
25 Claims
1. A process for detecting anomalous network traffic in a communications network, the process including:
- generating reference address distribution data representing a statistical distribution of source addresses of packets received over a first time period, the received packets being considered to represent normal network traffic;
- generating second address distribution data representing a statistical distribution of source addresses of packets received over a second time period; and
- determining whether the packets received over the second time period represent normal network traffic on the basis of a comparison of the second address distribution data and the reference address distribution data.

Dependent claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)

23. A system for detecting anomalous network traffic in a communications network, the system including:
- a source address distribution generator for generating:
  - reference address distribution data representing a statistical distribution of source addresses of packets received over a first time period, the received packets being considered to represent normal network traffic; and
  - second address distribution data representing a statistical distribution of source addresses of packets received over a second time period; and
- a network traffic assessment component for determining whether the packets received over the second time period represent normal network traffic on the basis of a comparison of the second address distribution data and the reference address distribution data.

Dependent claims (24, 25)

Specification