
Analyzing traffic patterns to detect infectious messages

  • US 8,122,508 B2
  • Filed: 10/29/2007
  • Issued: 02/21/2012
  • Est. Priority Date: 07/13/2004
  • Status: Active Grant
First Claim

1. A method of detecting a malicious message in a stream of incoming messages on a network, the method comprising:

    establishing a local subnet traffic pattern based on a stream of messages previously sent over the network and received in a local subnet, the local subnet traffic pattern providing a local subnet baseline built from a collection of messages identified as good messages from the stream of messages previously received in the local subnet;

    establishing a threshold describing a range of expected deviation from the local subnet baseline;

    collecting data regarding an incoming message at a time of receipt of the incoming message, the incoming message received in the local subnet;

    calculating a probability that the incoming message is malicious based on the collected data from the incoming message, the probability indicating a deviation of the collected data from the established local subnet baseline;

    identifying a traffic pattern variable associated with traffic streams on the network at the time of receipt of the incoming message, wherein the traffic pattern variable includes information regarding a local traffic pattern of a different local subnet; and

    classifying the incoming message as malicious based on the identified traffic pattern variable and the calculated probability that the incoming message is malicious exceeding the established threshold.
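
The steps of the claim can be walked through in code. The following is an added illustration, not code from the patent or its assignee. It assumes a single collected feature (recipients per message), a normal model of the baseline, and a peer-subnet anomaly rate as the traffic pattern variable; the names `peer_anomaly_rate` and `peer_limit` and the intermediate "suspicious" verdict are hypothetical.

```python
import math
from statistics import mean, pstdev

def build_baseline(good_values):
    """Local subnet baseline: mean and spread of a feature over known-good messages."""
    return mean(good_values), pstdev(good_values)

def threshold_for(k_sigma):
    """Probability mass inside +/- k_sigma of the baseline (expected deviation range)."""
    return math.erf(k_sigma / math.sqrt(2))

def malicious_probability(value, baseline):
    """Share of the (assumed normal) baseline lying closer to the mean than value."""
    mu, sigma = baseline
    if sigma == 0:  # degenerate baseline: any change counts as a full deviation
        return 0.0 if value == mu else 1.0
    return math.erf(abs(value - mu) / sigma / math.sqrt(2))

def classify(value, baseline, threshold, peer_anomaly_rate, peer_limit=0.05):
    """Combine the local deviation with a variable reported by a different subnet.

    peer_anomaly_rate and peer_limit are assumptions made for this example:
    the fraction of messages the other subnet currently sees outside its own
    baseline, and the rate above which that subnet counts as disturbed.
    """
    p = malicious_probability(value, baseline)
    if p <= threshold:
        return "good", p          # within the expected deviation range
    if peer_anomaly_rate > peer_limit:
        return "malicious", p     # local deviation corroborated by the other subnet
    return "suspicious", p        # local deviation only

# Constructed sample data: recipients per message in mail already judged good.
GOOD_RECIPIENT_COUNTS = [1, 2, 1, 3, 2, 1, 2, 4, 1, 3]
BASELINE = build_baseline(GOOD_RECIPIENT_COUNTS)
THRESHOLD = threshold_for(3.0)    # expected deviation: three standard deviations

if __name__ == "__main__":
    for count, peer_rate in [(2, 0.01), (5, 0.30), (40, 0.01), (40, 0.30)]:
        print(count, peer_rate, classify(count, BASELINE, THRESHOLD, peer_rate))
```
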

  • 23 Assignments