
Methods, Devices and Computer Program Products for Actionable Alerting of Malevolent Network Addresses Based on Generalized Traffic Anomaly Analysis of IP Address Aggregates

  • US 20120117254A1
  • Filed: 11/05/2010
  • Published: 05/10/2012
  • Est. Priority Date: 11/05/2010
  • Status: Active Grant
First Claim

1. A method for providing alerts in a network, the method comprising:

  • collecting network traffic data corresponding to a plurality of subsets of network addresses during a predefined time interval;

  • generating an event alert corresponding to anomalous network activity based on the network traffic and using at least one of a plurality of anomaly detection metrics;

  • identifying a suspect subset of the plurality of subsets of network addresses that corresponds to anomalous network activity using an odds ratio test on results from the at least one of the plurality of anomaly detection metrics; and

  • identifying a source network address within the suspect subset of network addresses that corresponds to the anomalous network activity.
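The sketch below is an added example, not code or a procedure taken from the patent. It shows one way a detection engineer might run an odds ratio test over address aggregates and then drill down to a source address. Assumptions not stated in the claim: subsets are /24 prefixes, each flow already carries a boolean verdict from some anomaly metric, the 2x2 table compares a subset against all other subsets, and a subset is suspect when the lower 95% bound of its odds ratio exceeds 1. All function names are hypothetical.

```python
import ipaddress
import math
from collections import Counter

def subset_of(ip, prefix=24):
    """Map an address to its aggregate (assumed here to be a /24)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def odds_ratio_lower(a, b, c, d, z=1.96):
    """Odds ratio and lower 95% bound for a 2x2 table, with the
    Haldane-Anscombe 0.5 correction so zero cells do not divide by zero."""
    a, b, c, d = (x + 0.5 for x in (a, b, c, d))
    log_or = math.log((a * d) / (b * c))
    se = math.sqrt(1 / a + 1 / b + 1 / c + 1 / d)
    return math.exp(log_or), math.exp(log_or - z * se)

def find_suspects(flows, min_lower=1.0):
    """flows: iterable of (src_ip, flagged), flagged being the boolean
    verdict of an anomaly metric. Returns [(subset, OR, lower, top_ip)]."""
    flagged, normal, per_ip = Counter(), Counter(), Counter()
    for ip, is_flagged in flows:
        net = subset_of(ip)
        if is_flagged:
            flagged[net] += 1
            per_ip[ip] += 1
        else:
            normal[net] += 1
    tot_f, tot_n = sum(flagged.values()), sum(normal.values())
    suspects = []
    for net in set(flagged) | set(normal):
        a, b = flagged[net], normal[net]
        ratio, lower = odds_ratio_lower(a, b, tot_f - a, tot_n - b)
        if a and lower > min_lower:
            # Drill down: the address in this subset with the most flagged flows.
            members = {ip: n for ip, n in per_ip.items() if subset_of(ip) == net}
            top_ip = max(members, key=members.get)
            suspects.append((net, ratio, lower, top_ip))
    return sorted(suspects, key=lambda s: s[2], reverse=True)

# Constructed sample: three /24 aggregates from documentation ranges.
SAMPLE = (
    [("198.51.100.7", True)] * 40 + [("198.51.100.9", True)] * 5
    + [("198.51.100.20", False)] * 55
    + [("192.0.2.10", True)] * 3 + [("192.0.2.11", False)] * 97
    + [("203.0.113.5", True)] * 2 + [("203.0.113.6", False)] * 98
)

if __name__ == "__main__":
    print(find_suspects(SAMPLE))
```

On the constructed sample only 198.51.100.0/24 is reported, with 198.51.100.7 as the source address; the other two aggregates have odds ratios well below 1.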
