System and method for information assurance based on thermal analysis techniques

US 8,091,093 B2
Filed: 10/06/2008
Issued: 01/03/2012
Est. Priority Date: 10/05/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for information assurance, comprising:

receiving an anomalous event parameter;

receiving a plurality of network events from a network;

associating each of the network events with a timestamp;

classifying each of the network events into at least one of a plurality of cycles, based, at least in part, on the timestamp;

forming an ergodic routing matrix and its associated set of rates corresponding to the plurality of network events;

forming a dynamical state probability distribution corresponding to the plurality of network events;

computing a discrete martingale for the plurality of network events;

computationally determining whether or not a network event of the plurality is anomalous, based, at least in part, on the anomalous event parameter; and

at least one of storing the determination to a computer readable medium or displaying the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for network security are disclosed. Embodiments of the present invention include a scalable, real-time solution to complement existing security systems and detect unusual activity. Embodiments of the present invention leverage the scale and complexity of networks and use the principles of statistical physics and thermodynamics to define thermal properties like entropy, temperature and energy for network states and changes in the properties as packets move through the network.

19 Citations

View as Search Results

18 Claims

1. A computer-implemented method for information assurance, comprising:
- receiving an anomalous event parameter;
  
  receiving a plurality of network events from a network;
  
  associating each of the network events with a timestamp;
  
  classifying each of the network events into at least one of a plurality of cycles, based, at least in part, on the timestamp;
  
  forming an ergodic routing matrix and its associated set of rates corresponding to the plurality of network events;
  
  forming a dynamical state probability distribution corresponding to the plurality of network events;
  
  computing a discrete martingale for the plurality of network events;
  
  computationally determining whether or not a network event of the plurality is anomalous, based, at least in part, on the anomalous event parameter; and
  
  at least one of storing the determination to a computer readable medium or displaying the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A computer-implemented method, as in claim 1, wherein the method is repeatedly performed in substantially real-time.
  - 3. A computer-implemented method, as in claim 1, wherein the network operates at least ten gigabits per second.
  - 4. A computer-implemented method, as in claim 1, wherein the timestamp has at least 64 bits.
  - 5. A computer-implemented method, as in claim 1, wherein the anomalous event parameter is expressed as a percentage.
  - 6. A computer-implemented method, as in claim 1, further comprising applying tree logic to produce a pair of leaf nodes corresponding to origin and destination data of each of the network events.
  - 7. A computer-implemented method, as in claim 1, wherein computationally determining is based, at least in part, on an Azuma-Hoeffding inequality.
  - 8. A computer-implemented method, as in claim 1, further comprising drilling down in a display.
  - 9. A computer-implemented method, as in claim 1, wherein the discrete martingale is computed for data that is first processed with the aid of a node database.

10. A computerized system for information assurance, comprising:
- a processor;
  
  a computer readable medium coupled to the processor;
  
  computer readable instructions encoded on the computer readable medium to;
  
  receive an anomalous event parameter;
  
  receive a plurality of network events from a network;
  
  associate each of the network events with a timestamp;
  
  classify each of the network events into at least one of a plurality of cycles, based, at least in part, on the timestamp;
  
  form an ergodic routing matrix and its associated set of rates corresponding to the plurality of network events;
  
  form a dynamical state probability distribution corresponding to the plurality of network events;
  
  compute a discrete martingale for the plurality of network events;
  
  computationally determine whether or not a network event of the plurality is anomalous, based, at least in part, on the anomalous event parameter; and
  
  at least one of store the determination to the computer readable medium or display the determination on a monitor.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A computerized system, as in claim 10, wherein the computer readable instructions are configured to be repeatedly performed in substantially real-time.
  - 12. A computerized system, as in claim 10, wherein the network is configured to operate at at least ten gigabits per second.
  - 13. A computerized system, as in claim 10, wherein the timestamp has at least 64 bits.
  - 14. A computerized system, as in claim 10, wherein the anomalous event parameter is expressed as a percentage.
  - 15. A computerized system, as in claim 10, wherein the computer readable instructions further comprise instructions to apply tree logic to produce a pair of leaf nodes corresponding to origin and destination data of each of the network events.
  - 16. A computerized system, as in claim 10, wherein the computer readable instructions to computationally determine are based, at least in part, on an Azuma-Hoeffding inequality.
  - 17. A computerized system, as in claim 10, wherein the computer readable instructions further comprise instructions to drill down in a display.
  - 18. A computerized system, as in claim 10, wherein the discrete martingale is computed for data that is first processed with the aid of a node database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Equilibrium Networks Incorporated
Original Assignee
Equilibrium Networks Incorporated
Inventors
Huntsman, Steve
Primary Examiner(s)
Ho, Andy

Application Number

US12/246,103
Publication Number

US 20090094618A1
Time in Patent Office

1,184 Days
Field of Search

719/318, 709/223, 709/224, 715/736
US Class Current

719/318
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 67/12 specially adapted for propr...

System and method for information assurance based on thermal analysis techniques

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

System and method for information assurance based on thermal analysis techniques

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others