NETWORK SURVEILLANCE
First Claim
1. A method of network surveillance, comprising:
monitoring an event stream derived from network packets;
building a long-term statistical profile and multiple short-term statistical profiles from at least one measure of said event stream;
comparing one of the multiple short-term statistical profiles with the long-term statistical profile; and
determining whether the difference between the one of the multiple short-term statistical profiles and the long-term statistical profile indicates suspicious network activity.
Abstract
A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
101 Citations
20 Claims
1. A method of network surveillance, comprising:
monitoring an event stream derived from network packets;
building a long-term statistical profile and multiple short-term statistical profiles from at least one measure of said event stream;
comparing one of the multiple short-term statistical profiles with the long-term statistical profile; and
determining whether the difference between the one of the multiple short-term statistical profiles and the long-term statistical profile indicates suspicious network activity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method of network surveillance, comprising:
receiving network packets handled by a network entity;
partitioning the network packets into one or more sessions representing a communication transaction between two hosts;
building at least one short-term statistical profile and at least one long-term statistical profile from at least one measure of the network packets;
comparing at least one long-term and at least one short-term statistical profile; and
determining whether the difference between the short-term statistical profile and the long-term statistical profile indicates suspicious network activity.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A method of network surveillance, comprising:
monitoring network packets handled by a network entity; building at least one long-term statistical profile and at least one short-term statistical profile from at least one measure of the network packets, wherein said building step accounts for timing of said network packets being received by the network entity; comparing said at least one short-term statistical profile with said at least one long-term statistical profile; and
determining whether the difference between said at least one short-term statistical profile and said at least one long-term statistical profile indicates suspicious network activity.
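To make the claimed comparison concrete, the following is an added Python example; it is not code from the patent or from its assignee. It partitions a constructed, packet-derived event stream into host-pair sessions (claim 10), keeps one long-term profile for the monitored host and two short-term profiles per session (claim 1), decays every profile by elapsed time so that the timing of packets enters the profile (claim 20), and reports a session when a short-term mean departs from the long-term mean by more than a threshold measured in standard deviations. The measure (a per-packet failure flag), the half-lives, the warm-up length, the variance floor and the z-score threshold are assumptions chosen for the example, not values taken from the patent.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Profile:
    """Running mean and variance of one measure of the event stream.

    Older samples are decayed by elapsed time, 0.5 ** (dt / half_life), so
    the timing of packets, not just their count, shapes the profile. Until
    1/n exceeds the time-based weight the update is Welford's running mean,
    so a fresh profile is not dominated by its first sample.
    """
    half_life: float
    n: int = 0
    mean: float = 0.0
    var: float = 0.0
    last_t: Optional[float] = None

    def update(self, t: float, x: float) -> None:
        self.n += 1
        w = 0.0 if self.last_t is None else 0.5 ** (max(0.0, t - self.last_t) / self.half_life)
        alpha = max(1.0 - w, 1.0 / self.n)          # weight given to the new sample
        delta = x - self.mean
        self.mean += alpha * delta
        self.var = (1.0 - alpha) * (self.var + alpha * delta * delta)
        self.last_t = t


class Surveillance:
    """One long-term profile for the monitored host, several short-term
    profiles per session (unordered host pair). Layout and constants are
    assumptions made for this example."""

    def __init__(self, long_hl: float = 3600.0, short_hls=(5.0, 60.0),
                 z_thresh: float = 3.0, warmup: int = 50, min_sd: float = 0.01):
        self.long = Profile(long_hl)
        self.short_hls = short_hls
        self.sessions: Dict[Tuple[str, str], List[Profile]] = {}
        self.z_thresh, self.warmup, self.min_sd = z_thresh, warmup, min_sd

    @staticmethod
    def session_key(src: str, dst: str) -> Tuple[str, str]:
        return tuple(sorted((src, dst)))  # a transaction between two hosts

    def observe(self, t: float, src: str, dst: str, err: int) -> Optional[float]:
        """Feed one event; return the z-score if it indicates suspicious activity."""
        shorts = self.sessions.setdefault(self.session_key(src, dst),
                                          [Profile(h) for h in self.short_hls])
        for p in shorts:
            p.update(t, err)
        z = self._compare(shorts)
        self.long.update(t, err)          # long-term profile learns after the check
        return z

    def _compare(self, shorts: List[Profile]) -> Optional[float]:
        if self.long.n < self.warmup:     # no verdict before a baseline exists
            return None
        # Floor on the spread: a flat baseline (var 0) would otherwise turn
        # any deviation at all into an unbounded z-score.
        sd = max(math.sqrt(self.long.var), self.min_sd)
        z = max((p.mean - self.long.mean) / sd for p in shorts)
        return z if z > self.z_thresh else None


# Constructed event stream at monitored host "srv": (time s, src, dst, err).
# err = 1 marks a failed connection attempt (e.g. RST or ICMP unreachable).
def baseline_events() -> List[Tuple[float, str, str, int]]:
    # ten minutes of two workstations talking to srv, one packet per second,
    # with one failure in twenty on the wks2 session
    return [(float(i), "wks1" if i % 2 else "wks2", "srv", 1 if i % 20 == 0 else 0)
            for i in range(600)]


def scan_events(start: float = 600.0) -> List[Tuple[float, str, str, int]]:
    # forty packets in four seconds from an unknown host, nine in ten failing
    return [(start + 0.1 * k, "scan", "srv", 1 if k % 10 else 0) for k in range(40)]


def run(events) -> List[Tuple[float, Tuple[str, str], float]]:
    mon = Surveillance()
    alerts = []
    for t, src, dst, err in events:
        z = mon.observe(t, src, dst, err)
        if z is not None:
            alerts.append((t, Surveillance.session_key(src, dst), round(z, 2)))
    return alerts


if __name__ == "__main__":
    for t, key, z in run(baseline_events() + scan_events()):
        print(f"t={t:6.1f} session={key[0]}<->{key[1]} z={z}")
```

On the constructed stream the baseline produces no alerts; the scan session is reported from its fourth packet onward, once its short-term failure rate has climbed far enough above the long-term rate of the monitored host. Two design points matter in practice: the long-term profile is updated only after the comparison, so a packet cannot soften the verdict on itself, and the standard-deviation floor (`min_sd`) keeps a baseline with zero variance from flagging every deviation as infinitely anomalous.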
Specification