Methods and systems for detecting abnormal digital traffic
Abstract
Aspects of the present invention encompass methods and systems for detecting abnormal digital traffic by assigning characterizations of network behaviors according to knowledge nodes and calculating a confidence value based on the characterizations from at least one knowledge node and on weighting factors associated with the knowledge nodes. The knowledge nodes include a characterization model based on prior network information. At least one of the knowledge nodes should not be based on fixed thresholds or signatures. The confidence value includes a quantification of the degree of confidence that the network behaviors constitute abnormal network traffic.
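An added illustration of the structure the abstract describes (not code from the patent): each knowledge node fits a model to prior traffic, and a hypothesis node combines the node characterizations with weighting factors into a confidence value. The Gaussian fit, the weighted-average combination rule, the metric names, the weights and all sample values are assumptions constructed for this example; the page does not specify them.

```python
import math
from statistics import mean, stdev

class KnowledgeNode:
    """Scores one behavior metric against a model fitted to prior traffic."""

    def __init__(self, metric, prior_samples):
        self.metric = metric
        self.mu = mean(prior_samples)
        self.sigma = stdev(prior_samples) or 1e-9  # guard: constant prior

    def characterize(self, observed):
        # Assumed model: Gaussian fit. Returns P(|Z| <= z), a continuous
        # score in [0, 1]: 0 = typical of prior traffic, near 1 = extreme.
        z = abs(observed - self.mu) / self.sigma
        return math.erf(z / math.sqrt(2))

class HypothesisNode:
    """Combines knowledge-node characterizations using weighting factors."""

    def __init__(self, weighted_nodes):
        self.weighted_nodes = weighted_nodes  # list of (KnowledgeNode, weight)

    def confidence(self, behavior):
        total = sum(w for _, w in self.weighted_nodes)
        score = sum(w * n.characterize(behavior[n.metric])
                    for n, w in self.weighted_nodes)
        return score / total  # assumed combination rule: weighted average

# Constructed prior observations per host-minute (not real traffic).
PRIOR = {
    "conns_per_min": [12, 15, 11, 14, 13, 16, 12, 15],
    "distinct_dst_ports": [3, 4, 2, 3, 5, 4, 3, 4],
    "bytes_out_kb": [220, 250, 210, 240, 230, 260, 225, 245],
}
WEIGHTS = {"conns_per_min": 0.3, "distinct_dst_ports": 0.5, "bytes_out_kb": 0.2}

def build_hypothesis():
    return HypothesisNode([(KnowledgeNode(m, PRIOR[m]), WEIGHTS[m]) for m in PRIOR])

# Constructed behaviors: ordinary activity vs. a burst touching many ports.
TYPICAL = {"conns_per_min": 14, "distinct_dst_ports": 4, "bytes_out_kb": 240}
BURST = {"conns_per_min": 40, "distinct_dst_ports": 60, "bytes_out_kb": 238}

if __name__ == "__main__":
    h = build_hypothesis()
    for name, b in (("typical", TYPICAL), ("burst", BURST)):
        print(f"{name}: confidence of abnormal traffic = {h.confidence(b):.3f}")
```

The output is a graded confidence rather than a pass/fail verdict, so the burst scores high even though its outbound byte count is ordinary.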
22 Claims
1. A method for detecting abnormal network traffic comprising:
- providing at least one knowledge node comprising a characterization model utilizing decision-making techniques from engineering statistics based on prior network information and not based on fixed thresholds or signatures;
- assigning characterizations of network behaviors according to the characterization models of the at least one knowledge nodes; and
- calculating a confidence value quantifying the degree of confidence that the network behaviors constitute abnormal traffic, the confidence value being based on the characterizations from the at least one knowledge node and on weighting factors associated with the knowledge nodes;
wherein said assigning and said calculating are executed by a processing device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A system for detecting abnormal traffic comprising:
a. sensors to detect network events, wherein a network behavior comprises at least one network event;
b. a program on a computer-readable medium, the program comprising;
   i. at least one knowledge node assigning characterizations of network behaviors, each knowledge node comprising a characterization model utilizing decision-making techniques from engineering statistics based on prior network information and not based on fixed thresholds or signatures;
   ii. at least one hypothesis node calculating a confidence value based on the characterizations from the at least one knowledge node, each hypothesis node comprising a weighting factor for associated knowledge nodes, the confidence value comprising a quantification of the degree of confidence that the network behaviors constitute abnormal network traffic; and
c. a processing device to execute the program.
Dependent claims: 17, 18, 19, 20, 21, 22
Specification