Aggregator for connection based anomaly detection
Abstract
A system for detecting network intrusions and other conditions in a network is described. The system includes a plurality of collector devices that are disposed to collect data and statistical information on packets that are sent between nodes on a network. An aggregator device is disposed to receive data and statistical information from the plurality of collector devices. The aggregator device produces a connection table that maps each node on the network to a record that stores information about traffic to or from the node. The aggregator runs processes that determine network events by aggregating anomalies into network events.
24 Claims
1. A device, comprising:
- a processor;
- a memory storing a connection table that maps each node of a network to a record object that stores information about traffic to or from the node.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. A computer program product residing on a computer readable medium for use in detecting network intrusions comprises instructions for causing a processor to:
- store a connection table that maps each node of a network to a record object that stores information about traffic to or from the node.

Dependent claims: 20, 21, 22, 23, 24
Specification