METHOD AND APPARATUS FOR DETECTION OF INFORMATION TRANSMISSION ABNORMALITIES
First Claim
1. A method of adapting to changed conditions and analyzing network communication with respect to a profile of acceptable behavior including probability values of network communication parameters developed from a collection of historical network communication, the method comprising:
- receiving a current network communication, the current network communication including a first network communication parameter and a second network communication parameter, the first network communication parameter independent of the second network communication parameter;
assigning a first probability value indicative of the first network communication parameter, the probability value based on a comparison of the first network communication parameter against the profile of acceptable behavior;
assigning a second probability value indicative of the second network communication parameter, the probability value based on a comparison of the second network communication parameter against the profile of acceptable behavior, the second probability value statistically independent of the first probability value;
determining the probability value of the current network communication by aggregating the first and second probability values of the first and second network communication parameters;
validating the current network communication against the profile of acceptable behavior based upon the probability value of the current network communication and a threshold criteria;
triggering a responsive action based on the result of the validation.
11 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment, a method for securing a network application is described. The method for securing a network application includes receiving network information within a network application and assigning a probability value to an independent aspect of the network information. The probability value is based on a verification of the independent aspect of the information against a profile of acceptable behavior. The method for securing a network application also includes aggregating the probability values of the independent aspects of the network information to determine the probability of the entire network traffic. In addition, the method for securing a network application includes determining whether the probability value of the entire network information is above or below a threshold probability value. The entire network information is screened out based on the probability value of the entire message with respect to the threshold probability value.
97 Citations
35 Claims
-
1. A method of adapting to changed conditions and analyzing network communication with respect to a profile of acceptable behavior including probability values of network communication parameters developed from a collection of historical network communication, the method comprising:
-
receiving a current network communication, the current network communication including a first network communication parameter and a second network communication parameter, the first network communication parameter independent of the second network communication parameter; assigning a first probability value indicative of the first network communication parameter, the probability value based on a comparison of the first network communication parameter against the profile of acceptable behavior; assigning a second probability value indicative of the second network communication parameter, the probability value based on a comparison of the second network communication parameter against the profile of acceptable behavior, the second probability value statistically independent of the first probability value; determining the probability value of the current network communication by aggregating the first and second probability values of the first and second network communication parameters; validating the current network communication against the profile of acceptable behavior based upon the probability value of the current network communication and a threshold criteria; triggering a responsive action based on the result of the validation. - View Dependent Claims (4, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
- 2. The method of claim 2, further comprising storing the current network communication in a buffer until enough data has been accumulated for the current network communication to be statistically valid.
-
15. A method of adapting to changed conditions and analyzing network traffic in a network application system comprising:
-
developing a profile of acceptable behavior for network information for transmission over a network, the profile of acceptable behavior including probability values of network communication parameters developed from a collection of historical network communication; receiving a current network communication, the current network communication including multiple current network communication parameters, each of the current network communication parameters independent of each other; assigning a probability value indicative of each of the current network communication parameter, the probability value based on a comparison of each of the current network communication parameter against the profile of acceptable behavior; determining the probability value of the current network communication by aggregating the probability value of each of the current network communication parameter; validating the current network communication against the profile of acceptable behavior based upon whether or not the probability value of the current network communication meets a threshold criteria; triggering a responsive action based on the result of the validation. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A system for adapting to changed conditions and analyzing network traffic in a network application system comprising:
-
a dynamic profiling module configured to develop a profile of acceptable behavior for network information for transmission over a network, the profile of acceptable behavior including probability values of network communication parameters developed from a collection of historical network communication; a control module configured to receive a current network communication, the current network communication including multiple current network communication parameters, each of the current network communication parameters independent of each other; and the control module configured to assign a probability value indicative of each of the current network communication parameter, the probability value based on a comparison of each of the current network communication parameter against the profile of acceptable behavior, to determine probability value of the current network communication by aggregating the probability value of each of the current network communication parameter, to validate the current network communication against the profile of acceptable behavior based upon the probability value of the current network communication and a threshold criteria, to trigger a responsive action based on the result of the validation. - View Dependent Claims (30, 31, 32, 33, 34, 35)
-
Specification