Visibility of Non-Benign Network Traffic
First Claim
1. A method of protecting computing devices from non-benign activity, comprising:
- receiving, in a processor of a network device, a first network traffic flow of a monitoring computing device and a malicious activity tag identifying a non-benign behavior of the first network traffic flow;
- determining, in the processor of the network device, one or more characteristics of the first network traffic flow associated with the non-benign behavior;
- receiving, in the processor of the network device, a second network traffic flow from a non-monitoring computing device; and
- determining, by the processor of the network device, whether the second network traffic flow represents non-benign activity by comparing the one or more characteristics of the first network traffic flow associated with the non-benign activity to the second network traffic flow.
Abstract
Embodiments provide methods of protecting computing devices from malicious activity. A processor of a network device may receive a first network traffic flow of a monitoring computing device and a malicious activity tag identifying a malicious behavior of the first network traffic flow. The processor may determine a characteristic of the first network traffic flow based at least in part on information in the first network traffic flow and the malicious activity tag. The processor may receive a second network traffic flow from a non-monitoring computing device, and may associate the malicious activity tag and the second network traffic flow based on a characteristic of the second network traffic flow based at least in part on information in the second network traffic flow and the characteristic of the first network traffic flow.
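The flow described in the abstract, as an added Python sketch that is not taken from the patent: a network device learns characteristics from a monitoring device's tagged flow and uses them to label a flow from a device that reports no tags. The flow fields (`dst_ip`, `dst_port`, `sni`), the `min_matches` threshold, and the step that discards characteristics also seen in untagged monitored traffic are all assumptions; the page does not say which characteristics are compared. Addresses and names are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed characteristics; the page does not specify which ones are used.
FEATURES = ("dst_ip", "dst_port", "sni")

@dataclass(frozen=True)
class Flow:
    device: str
    dst_ip: str
    dst_port: int
    sni: str
    tag: Optional[str] = None  # only a monitoring device supplies a tag

def pairs(flow):
    return {(f, getattr(flow, f)) for f in FEATURES}

class NetworkDevice:
    def __init__(self):
        self.benign = set()    # characteristics seen in untagged monitored flows
        self.signatures = {}   # tag -> characteristics tied to that behavior

    def learn(self, flow):
        # First flow: arrives from a monitoring device, with or without a tag.
        if flow.tag is None:
            self.benign |= pairs(flow)
            for sig in self.signatures.values():
                sig -= self.benign          # no longer distinguishing
        else:
            sig = self.signatures.setdefault(flow.tag, set())
            sig |= pairs(flow) - self.benign

    def classify(self, flow, min_matches=2):
        # Second flow: arrives from a non-monitoring device, so no tag exists.
        best_tag, best_hits = None, 0
        for tag, sig in self.signatures.items():
            hits = len(pairs(flow) & sig)
            if hits >= min_matches and hits > best_hits:
                best_tag, best_hits = tag, hits
        return best_tag

def demo():
    nd = NetworkDevice()
    # Constructed sample flows (documentation address ranges, .example names).
    nd.learn(Flow("phone-a", "198.51.100.7", 443, "cdn.example"))
    nd.learn(Flow("phone-a", "203.0.113.50", 443, "c2.example", tag="botnet-beacon"))
    suspect = Flow("camera-b", "203.0.113.50", 443, "c2.example")
    normal = Flow("camera-b", "198.51.100.7", 443, "cdn.example")
    return nd.classify(suspect), nd.classify(normal)
```

Because port 443 also appears in the monitored device's untagged traffic, it is dropped from the learned signature, so a second flow that shares only the port is not labeled.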
25 Claims
1. A method of protecting computing devices from non-benign activity, comprising:
- receiving, in a processor of a network device, a first network traffic flow of a monitoring computing device and a malicious activity tag identifying a non-benign behavior of the first network traffic flow;
- determining, in the processor of the network device, one or more characteristics of the first network traffic flow associated with the non-benign behavior;
- receiving, in the processor of the network device, a second network traffic flow from a non-monitoring computing device; and
- determining, by the processor of the network device, whether the second network traffic flow represents non-benign activity by comparing the one or more characteristics of the first network traffic flow associated with the non-benign activity to the second network traffic flow.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A network device, comprising:
a processor configured with processor-executable instructions to:
- receive a first network traffic flow of a monitoring computing device and a malicious activity tag identifying a non-benign behavior of the first network traffic flow;
- determine one or more characteristics of the first network traffic flow associated with the non-benign behavior;
- receive a second network traffic flow from a non-monitoring computing device; and
- determine whether the second network traffic flow represents non-benign activity by comparing the one or more characteristics of the first network traffic flow associated with the non-benign activity to the second network traffic flow.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A network device, comprising:
- means for receiving a first network traffic flow of a monitoring computing device and a malicious activity tag identifying a non-benign behavior of the first network traffic flow;
- means for determining one or more characteristics of the first network traffic flow associated with the non-benign behavior;
- means for receiving a second network traffic flow from a non-monitoring computing device; and
- means for determining whether the second network traffic flow represents non-benign activity by comparing the one or more characteristics of the first network traffic flow associated with the non-benign activity to the second network traffic flow.
18. A non-transitory processor readable storage medium having stored thereon processor-executable instructions configured to cause a processor of a network device to perform operations comprising:
- receiving a first network traffic flow of a monitoring computing device and a malicious activity tag identifying a non-benign behavior of the first network traffic flow;
- determining one or more characteristics of the first network traffic flow associated with the non-benign behavior;
- receiving a second network traffic flow from a non-monitoring computing device; and
- determining whether the second network traffic flow represents non-benign activity by comparing the one or more characteristics of the first network traffic flow associated with the non-benign activity to the second network traffic flow.
Dependent claims: 19, 20, 21, 22, 23, 24, 25
Specification