Systems and methods for evaluating networks
First Claim
1. A computer-implemented method for evaluating networks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying an initial set of recorded packet performance data that describes an instance of an attempt to establish a network connection path both from an original node to a subsequent node in a network and from the subsequent node to the original node;
- detecting, by a software security system, a network anomaly based on comparison data resulting from a comparison between the initial set of recorded packet performance data and an additional set of recorded packet performance data that describes another instance of the attempt to establish the network connection path both from the original node to the subsequent node and from the subsequent node to the original node such that a network analysis corresponding to the comparison is bidirectional, the comparison data comprising a safety score indicative of a known level of safety and the detecting comprising:
  - calculating a statistical measure of differences between the initial set of recorded packet performance data and the additional set of recorded packet performance data; and
  - comparing the statistical measure of differences to a security threshold to determine that the statistical measure of differences exceeds the security threshold; and
- performing, by the software security system, and in response to detecting the network anomaly based on the comparison between the sets of packet performance data, a security action to protect the computing device from a potential security threat indicated by the network anomaly, the security action comprising transmitting the comparison data to the computing device from a backend server provided by a security vendor that collects packet performance data from a multitude of client devices and stores the packet performance data within a security database to identify reputations of network devices.
Abstract
A computer-implemented method for evaluating networks may include (1) identifying an initial set of recorded packet performance data that describes an instance of an attempt to establish a network connection path between an original node and a subsequent node in a network, (2) detecting, by a software security system, a network anomaly based on comparison data resulting from a comparison between the initial set of recorded packet performance data and an additional set of recorded packet performance data that describes another instance of an attempt to establish a network connection path between the original node and the subsequent node, and (3) performing, by the software security system, and in response to detecting the network anomaly based on the comparison between the sets of packet performance data, a security action to protect the computing device. Various other methods, systems, and computer-readable media are also disclosed.
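A sketch of the comparison recited in claim 1, as an added example that is not taken from the patent or from any vendor's code. It assumes the packet performance data are per-hop round-trip times from traceroute-style probes in each direction, uses Welch's t-statistic as the statistical measure of differences, and uses an arbitrary threshold of 4.0; the function names and sample records are constructed for illustration.

```python
from math import sqrt
from statistics import mean, variance

def welch_t(a, b):
    """Absolute Welch t-statistic for two RTT samples in ms.
    With zero variance in both samples: 0.0 if the means match, else infinity."""
    se = sqrt(variance(a) / len(a) + variance(b) / len(b))
    diff = abs(mean(b) - mean(a))
    if se == 0:
        return 0.0 if diff == 0 else float("inf")
    return diff / se

def compare_direction(initial, additional):
    """Each argument is an ordered list of (hop_address, [rtt_ms, ...]) for one direction."""
    first, second = dict(initial), dict(additional)
    shared = [hop for hop, _ in initial if hop in second]
    return {
        # Hops seen only in the later record (reported, not scored, in this sketch).
        "new_hops": [hop for hop, _ in additional if hop not in first],
        # Assumed measure: largest per-hop latency shift across hops present in both.
        "measure": max((welch_t(first[h], second[h]) for h in shared), default=0.0),
    }

def evaluate(initial, additional, threshold):
    """Compare both directions; an anomaly in either one flags the path."""
    data = {d: compare_direction(initial[d], additional[d]) for d in ("forward", "reverse")}
    data["anomaly"] = any(data[d]["measure"] > threshold for d in ("forward", "reverse"))
    return data

# Constructed sample records (not from the patent): per-hop RTTs in milliseconds.
INITIAL = {
    "forward": [("10.0.0.1", [1.0, 1.2, 1.1]), ("198.51.100.7", [10.0, 10.4, 10.2])],
    "reverse": [("198.51.100.7", [10.1, 10.3, 10.2]), ("10.0.0.1", [1.1, 1.0, 1.2])],
}
ADDITIONAL = {
    "forward": [("10.0.0.1", [1.1, 1.0, 1.2]), ("198.51.100.7", [10.3, 10.1, 10.2])],
    # Reverse path now crosses an extra hop and the final hop is much slower.
    "reverse": [("198.51.100.7", [10.2, 10.0, 10.3]), ("203.0.113.9", [25.0, 25.4, 25.1]),
                ("10.0.0.1", [26.0, 26.5, 26.2])],
}

if __name__ == "__main__":
    result = evaluate(INITIAL, ADDITIONAL, threshold=4.0)
    for direction in ("forward", "reverse"):
        print(direction, result[direction])
    print("anomaly:", result["anomaly"])
```

In the sample data the forward direction is unchanged, so a forward-only comparison would miss the change that the reverse-direction record exposes.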
70 Citations
20 Claims
1. A computer-implemented method for evaluating networks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying an initial set of recorded packet performance data that describes an instance of an attempt to establish a network connection path both from an original node to a subsequent node in a network and from the subsequent node to the original node;
- detecting, by a software security system, a network anomaly based on comparison data resulting from a comparison between the initial set of recorded packet performance data and an additional set of recorded packet performance data that describes another instance of the attempt to establish the network connection path both from the original node to the subsequent node and from the subsequent node to the original node such that a network analysis corresponding to the comparison is bidirectional, the comparison data comprising a safety score indicative of a known level of safety and the detecting comprising:
  - calculating a statistical measure of differences between the initial set of recorded packet performance data and the additional set of recorded packet performance data; and
  - comparing the statistical measure of differences to a security threshold to determine that the statistical measure of differences exceeds the security threshold; and
- performing, by the software security system, and in response to detecting the network anomaly based on the comparison between the sets of packet performance data, a security action to protect the computing device from a potential security threat indicated by the network anomaly, the security action comprising transmitting the comparison data to the computing device from a backend server provided by a security vendor that collects packet performance data from a multitude of client devices and stores the packet performance data within a security database to identify reputations of network devices.
- Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A system for evaluating networks, the system comprising:
- an identification module, stored in memory, that identifies an initial set of recorded packet performance data that describes an instance of an attempt to establish a network connection path both from an original node to a subsequent node in a network and from the subsequent node to the original node;
- a detection module, stored in memory, that detects a network anomaly based on comparison data resulting from a comparison between the initial set of recorded packet performance data and an additional set of recorded packet performance data that describes another instance of the attempt to establish the network connection path both from the original node to the subsequent node and from the subsequent node to the original node such that a network analysis corresponding to the comparison is bidirectional, the comparison data comprising a safety score indicative of a known level of safety and the detecting comprising:
  - calculating a statistical measure of differences between the initial set of recorded packet performance data and the additional set of recorded packet performance data; and
  - comparing the statistical measure of differences to a security threshold to determine that the statistical measure of differences exceeds the security threshold;
- a performance module, stored in memory, that performs, in response to detecting the network anomaly based on the comparison between the sets of packet performance data, a security action to protect a computing device from a potential security threat indicated by the network anomaly, the security action comprising transmitting the comparison data to the computing device from a backend server provided by a security vendor that collects packet performance data from a multitude of client devices and stores the packet performance data within a security database to identify reputations of network devices; and
- at least one physical processor configured to execute the identification module, the detection module, and the performance module.
20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify an initial set of recorded packet performance data that describes an instance of an attempt to establish a network connection path both from an original node to a subsequent node in a network and from the subsequent node to the original node;
- detect, by a software security system, a network anomaly based on comparison data resulting from a comparison between the initial set of recorded packet performance data and an additional set of recorded packet performance data that describes another instance of the attempt to establish the network connection path both from the original node to the subsequent node and from the subsequent node to the original node such that a network analysis corresponding to the comparison is bidirectional, the comparison data comprising a safety score indicative of a known level of safety and the detecting comprising:
  - calculating a statistical measure of differences between the initial set of recorded packet performance data and the additional set of recorded packet performance data; and
  - comparing the statistical measure of differences to a security threshold to determine that the statistical measure of differences exceeds the security threshold; and
- perform, by the software security system, and in response to detecting the network anomaly based on the comparison between the sets of packet performance data, a security action to protect the computing device from a potential security threat indicated by the network anomaly, the security action comprising transmitting the comparison data to the computing device from a backend server provided by a security vendor that collects packet performance data from a multitude of client devices and stores the packet performance data within a security database to identify reputations of network devices.
Specification