SYSTEMS, METHODS, AND MEDIA FOR DETECTING NETWORK ANOMALIES
Abstract
Systems, methods, and media for detecting network anomalies are provided. In some embodiments, a training dataset of communication protocol messages having argument strings is received. The content and structure associated with each of the argument strings is determined and a probabilistic model is trained using the determined content and structure of each of the argument strings. A communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network is received. The received communication protocol message is compared to the probabilistic model and then it is determined whether the communication protocol message is anomalous.
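The train, compare, and decide flow described in the abstract, as an added illustration that is not code from the patent. The text here does not name the probabilistic model, so the character trigram Markov model with additive smoothing, the HTTP-style query-string parsing, the calibration margin, and all sample messages are assumptions.

```python
import math
from collections import Counter, defaultdict
from urllib.parse import parse_qsl

N, ALPHA, ALPHABET = 3, 0.01, 256    # assumed: trigram order, smoothing, symbol count
START, END = "\x02", "\x03"          # boundary markers outside printable input

# Constructed training messages (HTTP-style argument strings), not real traffic.
TRAIN = ["id=1042&name=alice&page=2", "id=1043&name=alina&page=3",
         "id=2042&name=alice&page=12", "id=3104&name=celia&page=1"]

def grams(value):
    """Yield (context, next_char) transitions for one argument value."""
    padded = START * (N - 1) + value + END
    for i in range(N - 1, len(padded)):
        yield padded[i - N + 1:i], padded[i]

def train(messages):
    """Count next-character frequencies per context over all argument values."""
    counts = defaultdict(Counter)
    for msg in messages:
        for _, value in parse_qsl(msg, keep_blank_values=True):
            for ctx, ch in grams(value):
                counts[ctx][ch] += 1
    return counts

def score(counts, value):
    """Mean smoothed log-probability per transition; lower means less familiar."""
    logp = []
    for ctx, ch in grams(value):
        seen = counts.get(ctx, Counter())
        logp.append(math.log((seen[ch] + ALPHA) / (sum(seen.values()) + ALPHA * ALPHABET)))
    return sum(logp) / len(logp)

def message_score(counts, msg):
    """A message is only as normal as its least familiar argument value."""
    values = [v for _, v in parse_qsl(msg, keep_blank_values=True)]
    return min((score(counts, v) for v in values), default=0.0)

def calibrate(counts, messages, margin=1.0):
    """Threshold = lowest score seen in training minus an assumed safety margin."""
    return min(message_score(counts, m) for m in messages) - margin

def is_anomalous(counts, threshold, msg):
    """Flag a message whose least familiar argument falls below the threshold."""
    return message_score(counts, msg) < threshold
```

With a training set this small, only values whose character transitions were seen in training score as normal; a production model needs far more traffic before the threshold is meaningful.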
36 Claims
1. A method for detecting network anomalies, the method comprising:
receiving a training dataset of communication protocol messages having argument strings;
determining a content and a structure associated with each of the argument strings;
training a probabilistic model using the determined content and structure of each of the argument strings;
receiving a communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network;
comparing the received communication protocol message to the probabilistic model; and
determining whether the communication protocol message is anomalous.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system for detecting network anomalies, the system comprising:
a processor that:
receives a training dataset of communication protocol messages having argument strings;
determines a content and a structure associated with each of the argument strings;
trains a probabilistic model using the determined content and structure of each of the argument strings;
receives a communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network;
compares the received communication protocol message to the probabilistic model; and
determines whether the communication protocol message is anomalous.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for detecting network anomalies, the method comprising:
receiving a training dataset of communication protocol messages having argument strings;
determining a content and a structure associated with each of the argument strings;
training a probabilistic model using the determined content and structure of each of the argument strings;
receiving a communication protocol message having an argument string that is transmitted from a first processor to a second processor across a computer network;
comparing the received communication protocol message to the probabilistic model; and
determining whether the communication protocol message is anomalous.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
Specification