SYSTEMS AND METHODS FOR FORENSIC ANALYSIS OF NETWORK BEHAVIOR
Abstract
Systems and methods monitor and manage computer network traffic and identify a status of normality or consistency of the traffic on a per user, per internet protocol (IP) address or MAC address basis. More specifically, the systems and methods determine, with degrees of significance, the abnormality or inconsistency of network traffic from a user, IP address or MAC address based on a comparison of said network traffic to previous network traffic from the same location. Moreover, the systems and methods monitor and manage the network traffic whereby, after an anomaly has occurred, network traffic is tagged as suspicious and thereafter is flagged for forensic study and placed in storage. In addition, the systems and methods report tagged traffic and alert administrators of a breach or violation in the computer network.
20 Claims
1. A method for analyzing a data stream in a computer network, the method comprising the steps of:
- providing a computer network having a data stream;
- calculating a current consistency quotient by analyzing the data stream;
- comparing the current consistency quotient against a previously stored consistency quotient to determine a consistency value between the current consistency quotient and the previously stored consistency quotient;
- combining the current consistency quotient and the previously stored consistency quotient to create a new consistency quotient.
Dependent claims: 2, 4, 5, 6, 7, 8, 9, 10
11. A method for detecting a polymorphic worm in a computer network, the method comprising the steps of:
- providing a computer network having a first node and a second node wherein a first data stream is associated with the first node and a second data stream is associated with the second node;
- calculating a first consistency quotient by analyzing the first data stream associated with the first node;
- calculating a second consistency quotient by analyzing the second data stream associated with the second node; and
- combining the first consistency quotient and the second consistency quotient to form a third consistency quotient.
Dependent claims: 12, 13, 14, 15
16. A system for determining a consistency in a data stream in a computer network comprising:
- a computer network having a data stream;
- a current consistency quotient calculated by analyzing the data stream;
- a consistency value calculated by comparing the current consistency quotient against a previously stored consistency quotient; and
- a new consistency quotient calculated by combining the current consistency quotient and the previously stored consistency quotient.
Dependent claims: 17, 18, 19, 20
Specification