
Network anomaly detection

  • US 9,407,652 B1
  • Filed: 12/15/2015
  • Issued: 08/02/2016
  • Est. Priority Date: 06/26/2015
  • Status: Active Grant
First Claim

1. An anomaly-detection computer system to identify when a user of a network is a malicious actor, the anomaly-detection computer system comprising:

  • one or more computer readable storage devices configured to store one or more software modules including computer executable instructions; and

    one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the one or more software modules in order to cause the computer system to:

    log, to the one or more computer readable storage devices, activity on the network by a plurality of users, the activity comprising indications of port numbers associated with the activity on the network;

    calculate similarity scores by, in part, comparing port numbers associated with a first user of the plurality of users to port numbers associated with other users of the plurality of users, the similarity scores calculated based at least in part on the logged activity on the network;

    sort the plurality of users into a plurality of cohorts based at least in part on which of the plurality of users have similarity scores that satisfy a similarity threshold;

    store data into a memory, the data identifying which of the plurality of users were sorted into the plurality of cohorts;

    detect a first port number indicated in a new network activity of the first user of the plurality of users, wherein the first user is associated with a first cohort of the plurality of cohorts; and

    determine, based at least in part on a comparison performed by the one or more processors of the first port number to other port numbers associated with the first cohort, that the new network activity associated with the first user is anomalous.
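
The steps recited in the claim (log ports per user, score similarity, sort into cohorts, compare a new port against the cohort) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the Jaccard metric, the 0.6 threshold, the union-find grouping, the set-membership anomaly test and the sample log are all assumptions chosen for the example.

```python
from itertools import combinations

# Constructed sample log of (user, destination port) pairs; not real data.
LOG = [
    ("alice", 443), ("alice", 80), ("alice", 22),
    ("bob", 443), ("bob", 80), ("bob", 22), ("bob", 8080),
    ("carol", 1433), ("carol", 3389), ("carol", 445),
    ("dave", 1433), ("dave", 3389), ("dave", 445), ("dave", 443),
]

def ports_by_user(log):
    """Collapse logged activity into the set of ports seen per user."""
    seen = {}
    for user, port in log:
        seen.setdefault(user, set()).add(port)
    return seen

def jaccard(a, b):
    """Similarity score (assumed metric): size of intersection over union."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def build_cohorts(seen, threshold=0.6):
    """Group users whose pairwise score meets the threshold (union-find)."""
    parent = {u: u for u in seen}
    def find(u):
        while parent[u] != u:
            parent[u] = parent[parent[u]]  # path halving
            u = parent[u]
        return u
    for u, v in combinations(sorted(seen), 2):
        if jaccard(seen[u], seen[v]) >= threshold:
            parent[find(v)] = find(u)
    cohorts = {}
    for u in seen:
        cohorts.setdefault(find(u), set()).add(u)
    return list(cohorts.values())

def is_anomalous(user, port, seen, cohorts):
    """Flag a new port that no member of the user's cohort has used (assumed test)."""
    cohort = next((c for c in cohorts if user in c), {user})
    cohort_ports = set().union(*(seen.get(m, set()) for m in cohort))
    return port not in cohort_ports

SEEN = ports_by_user(LOG)
COHORTS = build_cohorts(SEEN)
```

With this sample log, a port that a user has never touched is still treated as normal when a cohort peer uses it, which is the practical effect of comparing against the cohort rather than the individual baseline.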
