Method for the detection and visualization of anomalous behaviors in a computer network
Abstract
A method for the detection of anomalous behaviors in a computer network, comprising the steps of:
- collecting data relating to connections in a plurality of nodes in a network,
- sending the data from said nodes to an ADS platform,
- computing from said data at least one value representative of the anomaly level of the connections of each said node and/or of applications initiating said connections and/or of users,
- computing a multidimensional chart for visualizing the behavior of a plurality of nodes, applications and/or users in said network, wherein said value representative of the anomaly level is used as a dimension in said chart.
7 Claims
1. A method for the detection of anomalous behaviors in a computer network, comprising the steps of:
- collecting data over a defined period of time relating to a set of connections comprising a plurality of connections initiated by components in the network including connections that occurred over said defined period of time, said components selected from any one or more of a group including users, nodes and applications, said data including data identifying components, applications and destination ports,
- sending said data to an anomaly detection system (ADS) platform,
- computing from said data a multidimensional chart displaying said components, applications, and destination ports in the form of icons along separate and essentially parallel axes, where the related components, applications and destination ports are interlinked between adjacent axes with lines to visualize the set of connections.

Dependent claims: 2, 3, 4, 5, 6, 7
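The data behind the chart described in the abstract and in claim 1 can be sketched as follows. This is an added example, not code from the patent: the record layout, the names `build_chart` and `anomaly_levels`, and the rarity-based anomaly score are assumptions, since the text does not say how the anomaly level is computed.

```python
from collections import Counter, defaultdict

# Constructed sample records: (epoch seconds, node, application, destination port).
CONNECTIONS = [
    (100, "ws-01", "firefox.exe", 443),
    (110, "ws-01", "outlook.exe", 993),
    (120, "ws-02", "firefox.exe", 443),
    (130, "ws-02", "outlook.exe", 993),
    (140, "ws-03", "firefox.exe", 443),
    (150, "ws-03", "svchost.exe", 6667),  # pair seen on one node only
    (900, "ws-01", "ftp.exe", 21),        # outside the collection window
]

AXES = ("node", "application", "dst_port")


def build_chart(records, start, end):
    """Return parallel-axes chart data for connections with start <= t < end."""
    window = [r[1:] for r in records if start <= r[0] < end]
    # One icon per distinct value on each axis, in sorted order.
    icons = {axis: sorted({row[i] for row in window}) for i, axis in enumerate(AXES)}
    # Lines only join adjacent axes: node-application and application-port.
    links = {}
    for i in range(len(AXES) - 1):
        links[(AXES[i], AXES[i + 1])] = Counter((row[i], row[i + 1]) for row in window)
    return {"icons": icons, "links": links, "anomaly": anomaly_levels(window)}


def anomaly_levels(window):
    """Assumed score: mean rarity of a node's (application, port) pairs.

    Rarity of a pair = 1 - (nodes using the pair / all nodes in the window).
    """
    nodes_by_pair = defaultdict(set)
    pairs_by_node = defaultdict(set)
    for node, app, port in window:
        nodes_by_pair[(app, port)].add(node)
        pairs_by_node[node].add((app, port))
    total = len(pairs_by_node)
    return {
        node: round(sum(1 - len(nodes_by_pair[p]) / total for p in pairs) / len(pairs), 3)
        for node, pairs in pairs_by_node.items()
    }


if __name__ == "__main__":
    chart = build_chart(CONNECTIONS, start=0, end=600)
    for node, level in sorted(chart["anomaly"].items()):
        print(node, level)
```

The link counters give the line weights between adjacent axes, and the per-node value can be plotted as a further axis so that the node with the unshared application and port pair stands apart from the others.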
Specification