
Flow-based detection of network intrusions

  • US 7,185,368 B2
  • Filed: 11/30/2001
  • Issued: 02/27/2007
  • Est. Priority Date: 11/30/2000
  • Status: Active Grant
First Claim

1. A method of analyzing network communication traffic on a data communication network for determining whether the traffic is legitimate or potential suspicious activity, comprising the steps of:

  • monitoring packet headers of packets exchanged between two hosts on the data communication network;
  • based on the packet headers, determining the existence of a client/server (C/S) flow as corresponding to a predetermined plurality of packets exchanged between the two hosts that relate to a single service and is characterized by a predetermined C/S flow characteristic;
  • assigning a concern index value to a determined C/S flow based upon a predetermined concern index characteristic of the C/S flow;
  • maintaining an accumulated concern index comprising concern index values for one or more determined C/S flows associated with a host; and
  • issuing an alarm signal in the event that the accumulated concern index for a host exceeds an alarm threshold value.
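
The steps of the claim, sketched as an added Python example; it is not code from the patent or its assignee. The header tuple layout, the "lower port is the server" rule, the two concern index characteristics, the point values and the threshold are all assumptions chosen for illustration, and the sample headers are constructed.

```python
from collections import defaultdict

# Assumed values, not taken from the patent.
CI_NO_RESPONSE = 10   # client sent packets, server never answered
CI_RESET = 5          # server answered only with RST
ALARM_THRESHOLD = 25

def build_flows(headers):
    """Group packet headers into C/S flows keyed by (client, server, service port).
    Assumption: the endpoint with the lower port number is the server."""
    flows = defaultdict(lambda: {"c2s": 0, "s2c": 0, "rst_only": True})
    for src, sport, dst, dport, flags in headers:
        if dport <= sport:
            key, direction = (src, dst, dport), "c2s"
        else:
            key, direction = (dst, src, sport), "s2c"
        flow = flows[key]
        flow[direction] += 1
        if direction == "s2c" and "R" not in flags:
            flow["rst_only"] = False
    return flows

def concern_index(flow):
    """Assign a concern index value from the (assumed) flow characteristics."""
    if flow["c2s"] and not flow["s2c"]:
        return CI_NO_RESPONSE
    if flow["s2c"] and flow["rst_only"]:
        return CI_RESET
    return 0

def analyze(headers, threshold=ALARM_THRESHOLD):
    """Accumulate concern index per client host; return (totals, alarmed hosts)."""
    accumulated = defaultdict(int)
    for (client, _server, _port), flow in build_flows(headers).items():
        accumulated[client] += concern_index(flow)
    alarms = sorted(h for h, ci in accumulated.items() if ci > threshold)
    return dict(accumulated), alarms

# Constructed sample headers: (src, sport, dst, dport, TCP flags).
SAMPLE = (
    [("10.0.0.5", 40000 + i, "10.0.0.%d" % (20 + i), 22, "S") for i in range(3)]
    + [("10.0.0.5", 41000, "10.0.0.30", 80, "S"),
       ("10.0.0.30", 80, "10.0.0.5", 41000, "RA"),
       ("10.0.0.7", 50000, "10.0.0.30", 443, "S"),
       ("10.0.0.30", 443, "10.0.0.7", 50000, "SA"),
       ("10.0.0.7", 50000, "10.0.0.30", 443, "A")]
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Because the index accumulates per host across flows, no single flow here crosses the threshold; the alarm comes from the sum of several low-scoring flows attributed to one host.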
