Method and apparatus for monitoring malicious traffic in communication networks
Abstract
A method and apparatus for monitoring data traffic in a communication network are provided. A router connected to the communication network monitors information contained in the data traffic, and based on the information determines whether data in the traffic is indicative of a malicious threat to one or more resources connected to the network. Parameters which control monitoring of traffic at the router, such as the sampling rate and what information is to be extracted from the data, are varied according to the condition of the network so that the monitoring can be adapted to focus on traffic which relates to a particular suspected or detected threat.
22 Claims
1. A method of monitoring data traffic in a communication network, comprising receiving data traffic at a router connected to said communication network, monitoring at said router information contained in the received data traffic, and based on said information, determining at said router whether data in said traffic is indicative of a malicious threat to one or more resources connected to said communication network.
12. A network element for receiving and routing data traffic in a communication network, comprising: an interface for receiving traffic from a communication network, a monitor for monitoring information contained in the received data traffic, and a module for determining from said monitored information, whether the data in said traffic is indicative of a malicious threat to one or more resources connected to said communication network.
16. A network element for receiving and routing data traffic in a communication network, comprising: an interface for receiving data traffic from a communication network, a monitor for monitoring said data traffic, wherein said monitor is operable to monitor said data traffic according to a plurality of different criteria, and is responsive to a detector detecting that data in said traffic is indicative of a malicious threat to one or more resources connected to said communication network to change monitoring from a predetermined monitoring criteria to another monitoring criteria.