System and method for detection of aberrant network behavior by clients of a network access gateway
First Claim
Patent Images
1. A system for detecting aberrant network, comprising:
- a first network interface coupled to one or more clients, wherein the system is configured to;
receive network communications at the first network interface, wherein each of the network communications is associated with a first client;
determine if aberrant network behavior is occurring with respect to the first client, wherein determining if network behavior is aberrant comprises;
analyzing the received network communications to determine if a first rule of any of one or more rules corresponding to the network communications associated with the first client,updating a first set of statistical information associated with the first client responsive to a determination that the first rule, corresponding to the network communications, wherein the first set of statistical information is accumulated over a time period, andanalyzing the first set of statistical information to determine if aberrant network behavior is occurring with respect to the first client by applying a set of conditions to the first set of statistical information, each of the set of conditions corresponding to aberrant network behavior and comprising a threshold to be applied to at least a portion of the statistical information.
7 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of systems and methods for detecting aberrant network behavior are disclosed. One embodiment comprises a network interface over which network communications are received from a client. These network communications can then be analyzed to determine if aberrant network behavior is occurring with respect to the client.
-
Citations
21 Claims
-
1. A system for detecting aberrant network, comprising:
-
a first network interface coupled to one or more clients, wherein the system is configured to; receive network communications at the first network interface, wherein each of the network communications is associated with a first client; determine if aberrant network behavior is occurring with respect to the first client, wherein determining if network behavior is aberrant comprises; analyzing the received network communications to determine if a first rule of any of one or more rules corresponding to the network communications associated with the first client, updating a first set of statistical information associated with the first client responsive to a determination that the first rule, corresponding to the network communications, wherein the first set of statistical information is accumulated over a time period, and analyzing the first set of statistical information to determine if aberrant network behavior is occurring with respect to the first client by applying a set of conditions to the first set of statistical information, each of the set of conditions corresponding to aberrant network behavior and comprising a threshold to be applied to at least a portion of the statistical information. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for detecting aberrant network behavior in one or more clients coupled to a first network interface, comprising:
-
receiving network communications at the first network interface, wherein each of the network communications is associated with a first client; determining if aberrant network behavior is occurring with respect to the first client, wherein determining if network behavior is aberrant comprises; analyzing the received network communications to determine if a first rule of any of one or more rules corresponding to the network communications associated with the first client, updating a first set of statistical information associated with the first client responsive to a determination that the first rule corresponding to the network communications, wherein the first set of statistical information is accumulated over a time period, and analyzing the first set of statistical information to determine if aberrant network behavior is occurring with respect to the first client by applying a set of conditions to the first set of statistical information, each of the set of conditions corresponding to aberrant network behavior and comprising a threshold to be applied to at least a portion of the statistical information. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A tangible non-transitory computer readable medium comprising instructions for:
-
receiving network communications at the first network interface, wherein each of the network communications is associated with a first client; determining if aberrant network behavior is occurring with respect to the first client, wherein determining if network behavior is aberrant comprises; analyzing the received network communications to determine if a first rule of any of one or more rules corresponding to the network communications associated with the first client, updating a first set of statistical information associated with the first client responsive to a determination that the first rule corresponding to the network communications, wherein the first set of statistical information is accumulated over a time period, and analyzing the first set of statistical information to determine if aberrant network behavior is occurring with respect to the first client by applying a set of conditions to the first set of statistical information, each of the set of conditions corresponding to aberrant network behavior and comprising a threshold to be applied to at least a portion of the statistical information. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification