SYSTEM AND METHOD OF DETERMINING MALICIOUS PROCESSES
First Claim
1. A method comprising:
capturing data from a first capturing agent at a physical layer within a network, a second capturing agent at a hypervisor layer of the network and a third capturing agent at a virtual layer of the network;
developing, based on the data, a lineage for a process associated with network activity; and
based on the lineage, identifying an anomaly within the network.
Abstract
Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. A method includes determining a lineage for a process within the network and then evaluating, through knowledge of the lineage, the source of the command that initiated the process. The method includes capturing data from a plurality of capture agents at different layers of a network, each capture agent of the plurality of capture agents configured to observe network activity at a particular location in the network, developing, based on the data, a lineage for a process associated with the network activity and, based on the lineage, identifying an anomaly within the network.
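The abstract describes correlating capture agents at the physical, hypervisor and virtual layers, building a process lineage from the in-VM data, and flagging anomalies from that lineage. The following is an added illustration of that idea in Python, not code from the patent or its assignee; the record layout, the three constructed flows, the constructed process table and the anomaly rules (traffic seen below the VM but never reported by the in-VM agent, or a lineage that never reaches the VM's init process) are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, str, int]  # (src_ip, dst_ip, dst_port): constructed flow key

@dataclass
class Observation:
    layer: str                  # "physical", "hypervisor" or "virtual"
    flow: Flow
    pid: Optional[int] = None   # only the in-VM (virtual-layer) agent knows the process

@dataclass
class Proc:
    pid: int
    ppid: int
    exe: str

ROOT_PID = 1  # assumption: a trustworthy lineage terminates at the VM's init process

def lineage(pid: int, procs: Dict[int, Proc]) -> List[Proc]:
    """Parent chain from pid up to the oldest known ancestor, root first."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:   # 'seen' guards against ppid cycles
        seen.add(pid)
        chain.append(procs[pid])
        pid = procs[pid].ppid
    return chain[::-1]

def correlate(obs: List[Observation], procs: Dict[int, Proc]) -> Dict[Flow, dict]:
    """Per flow: which layers reported it, the process lineage, and any anomaly."""
    by_flow: Dict[Flow, Dict[str, Observation]] = {}
    for o in obs:
        by_flow.setdefault(o.flow, {})[o.layer] = o
    out = {}
    for flow, layers in by_flow.items():
        rec = {"layers": sorted(layers), "lineage": [], "anomaly": None}
        vobs = layers.get("virtual")
        if vobs is None:  # lower layers saw traffic the in-VM sensor never attributed
            rec["anomaly"] = "traffic seen below the VM but not reported by the virtual-layer agent"
        else:
            chain = lineage(vobs.pid, procs)
            rec["lineage"] = [p.exe for p in chain]
            if not chain or chain[0].pid != ROOT_PID:
                rec["anomaly"] = "lineage does not reach a known root process"
            elif len(layers) == 1:
                rec["anomaly"] = "reported only inside the VM; no corroboration from lower layers"
        out[flow] = rec
    return out

# Constructed sample: pid 999's parent (777) is absent from the process table.
PROCS = {p.pid: p for p in [Proc(1, 0, "init"), Proc(200, 1, "sshd"), Proc(210, 200, "bash"),
                            Proc(215, 210, "curl"), Proc(999, 777, "nc")]}
A, B, C = ("10.0.0.5", "203.0.113.9", 443), ("10.0.0.5", "198.51.100.7", 4444), ("10.0.0.5", "192.0.2.4", 8080)
OBS = [Observation("physical", A), Observation("hypervisor", A), Observation("virtual", A, 215),
       Observation("physical", B), Observation("hypervisor", B),
       Observation("physical", C), Observation("hypervisor", C), Observation("virtual", C, 999)]
RESULT = correlate(OBS, PROCS)
```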
Claims (20 claims; 121 citations)
1. A method comprising:
capturing data from a first capturing agent at a physical layer within a network, a second capturing agent at a hypervisor layer of the network and a third capturing agent at a virtual layer of the network;
developing, based on the data, a lineage for a process associated with network activity; and
based on the lineage, identifying an anomaly within the network.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A system comprising:
a processor; and
a computer-readable storage medium storing instructions which, when executed by the processor, cause the processor to perform operations comprising:
capturing data from a first capturing agent at a physical layer within a network, a second capturing agent at a hypervisor layer of the network and a third capturing agent at a virtual layer of the network;
developing, based on the data, a lineage for a process associated with network activity; and
based on the lineage, identifying an anomaly within the network.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
capturing data from a first capturing agent at a physical layer within a network, a second capturing agent at a hypervisor layer of the network and a third capturing agent at a virtual layer of the network;
developing, based on the data, a lineage for a process associated with network activity; and
based on the lineage, identifying an anomaly within the network.
Dependent claims: 16, 17, 18, 19, 20.