Method for the detection and visualization of anomalous behaviors in a computer network
Abstract
A method for the detection of anomalous behaviors in a computer network, comprising the steps of: collecting data relating to connections in a plurality of nodes in a network, sending the data from said nodes to an ADS platform, computing from said data at least one value representative of the anomaly level of the connections of each said node and/or of applications initiating said connections and/or of users, computing a multidimensional chart for visualizing the behavior of a plurality of nodes, applications and/or users in said network, wherein said value representative of the anomaly level is used as a dimension in said chart.
20 Claims
1. A method for the detection of anomalous behaviors in a computer network, comprising the steps of:
- collecting data relating to connections initiated by components in the network, said components selected from any one or more of a group including users, nodes and applications,
- sending said data to an anomaly detection system (ADS) platform,
- computing from said data an anomaly level of each component or of each of a group of said components, and
- computing a multidimensional chart for visualizing the behavior of said components or groups of components in said network in which said anomaly level of said components or groups of components is represented on a dimension in said chart.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A system for detecting anomalous behaviors in a computer network, comprising:
- an ADS platform for collecting data relating to connections initiated by components in the network, said components selected from any one or more of a group including users, nodes and applications and for computing from said data an anomaly level of each component or of each of a group of said components, and
- a visualization platform for displaying a multidimensional chart for visualizing the behavior of said components or groups of components in said network in which said anomaly level of said components or groups of components is represented on a dimension in said chart.
14. A method for the detection of anomalous behaviors in a computer network, comprising the steps of:
- collecting data relating to connections initiated by components in the network, said components selected from any one or more of a group including users, nodes and applications, said data including data identifying components, applications and destination ports,
- sending said data to an anomaly detection system (ADS) platform,
- computing from said data a multidimensional chart displaying said components, applications, and destination ports in the form of icons along separate and essentially parallel axes, where the related components, applications and destination ports are interlinked between adjacent axes with lines to visualize the connections.
Dependent claims: 15, 16, 17, 18, 19, 20.
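The chart layout described in claim 14, as an added sketch that is not taken from the patent: it turns connection records into three parallel axes (components, applications, destination ports) and the line segments linking adjacent axes. The record layout, the axis spacing, the function names and the sample data are assumptions constructed for this example.

```python
from collections import Counter

# Constructed sample connection records: (component, application, destination port).
SAMPLE_CONNECTIONS = [
    ("alice", "firefox", 443),
    ("alice", "firefox", 443),
    ("alice", "ssh", 22),
    ("bob", "firefox", 80),
    ("host-17", "updater", 443),
    ("host-17", "updater", 6667),
]

AXES = ("component", "application", "port")  # left-to-right axis order (assumed)


def build_parallel_chart(connections, height=100.0):
    """Return (positions, links) for a three-axis parallel chart.

    positions[axis_name][value] is the y coordinate of that icon on its axis.
    links is a list of (axis_index, left_value, right_value, count) entries,
    each one a line drawn between axis_index and axis_index + 1.
    """
    positions = {}
    for i, name in enumerate(AXES):
        values = sorted({rec[i] for rec in connections})
        step = height / (len(values) + 1)  # spread icons evenly along the axis
        positions[name] = {v: round(step * (k + 1), 2) for k, v in enumerate(values)}

    # Collapse repeated connections into one line per distinct pair on
    # adjacent axes; the count can drive line width in a renderer.
    pair_counts = Counter()
    for rec in connections:
        for i in range(len(AXES) - 1):
            pair_counts[(i, rec[i], rec[i + 1])] += 1
    links = sorted((i, a, b, n) for (i, a, b), n in pair_counts.items())
    return positions, links


def segments(positions, links, axis_gap=200.0):
    """Convert links into drawable ((x1, y1), (x2, y2), count) line segments."""
    out = []
    for i, left, right, count in links:
        p1 = (i * axis_gap, positions[AXES[i]][left])
        p2 = ((i + 1) * axis_gap, positions[AXES[i + 1]][right])
        out.append((p1, p2, count))
    return out
```

In the sample, port 6667 appears on the port axis with a single line from `updater`, which is the kind of isolated link an analyst would see at a glance in such a chart.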