DATA MINING TO IDENTIFY MALICIOUS ACTIVITY
First Claim
1. A method comprising:
monitoring, with a monitoring system comprising a processor in communication with a network, network traffic to and/or from an asset associated with the network;
assessing, with the monitoring system, the network traffic to determine a source and/or destination for the network traffic and/or content of the network traffic;
determining, with the monitoring system, whether the network traffic is suspicious network traffic based on the assessed source and/or destination and/or content;
when the network traffic is determined to be suspicious network traffic, capturing, with the monitoring system, metadata associated with the suspicious network traffic and storing the metadata in a database in communication with the processor; and
when the network traffic is not determined to be suspicious network traffic, disregarding, with the monitoring system, metadata associated with the network traffic.
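The claimed method is a filter-then-retain pipeline: assess each flow's source, destination and content against indicators, persist metadata only for the flows that match, and drop everything else. The following is an added example (not code from the patent or its assignee) showing one such pipeline in Python: a small `Monitor` class that evaluates constructed sample flows against a constructed blocklist, port list and content signatures, and writes only metadata (addresses, port, payload length and hash, and the reasons) for suspicious flows into SQLite. The indicator values, address ranges and sample flows are all assumptions for illustration.

```python
"""Added example: monitor network flows, keep metadata only for suspicious ones."""
import hashlib
import ipaddress
import sqlite3
from dataclasses import dataclass

# Constructed indicators for the example (not from the patent); a real deployment
# would load these from an asset inventory and threat-intelligence feeds.
ASSET_NETS = [ipaddress.ip_network("10.0.0.0/8")]            # the monitored assets
SUSPICIOUS_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # known-bad peers
SUSPICIOUS_PORTS = {4444, 1337}                              # common reverse-shell ports
CONTENT_SIGNATURES = [b"/etc/passwd", b"cmd.exe"]            # crude payload markers


@dataclass
class Flow:
    ts: float
    src: str
    dst: str
    dst_port: int
    payload: bytes


def involves_asset(flow: Flow) -> bool:
    """Only traffic to and/or from a monitored asset is considered at all."""
    return any(ipaddress.ip_address(a) in net
               for a in (flow.src, flow.dst) for net in ASSET_NETS)


def assess(flow: Flow) -> list[str]:
    """Assess source, destination and content; return the reasons the flow looks suspicious."""
    reasons = []
    for label, addr in (("src", flow.src), ("dst", flow.dst)):
        if any(ipaddress.ip_address(addr) in net for net in SUSPICIOUS_NETS):
            reasons.append(f"{label}:{addr} in blocklist")
    if flow.dst_port in SUSPICIOUS_PORTS:
        reasons.append(f"dst_port:{flow.dst_port}")
    for sig in CONTENT_SIGNATURES:
        if sig in flow.payload:
            reasons.append(f"content:{sig.decode()}")
    return reasons


class Monitor:
    def __init__(self, db_path: str = ":memory:"):
        self.db = sqlite3.connect(db_path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS suspicious ("
            "ts REAL, src TEXT, dst TEXT, dst_port INTEGER, "
            "payload_len INTEGER, payload_sha256 TEXT, reasons TEXT)"
        )

    def observe(self, flow: Flow) -> bool:
        """Store metadata for suspicious traffic; disregard everything else."""
        if not involves_asset(flow):
            return False
        reasons = assess(flow)
        if not reasons:
            return False  # not suspicious: metadata is disregarded, nothing persisted
        # Only metadata is retained; the payload is reduced to a length and a hash.
        self.db.execute(
            "INSERT INTO suspicious VALUES (?, ?, ?, ?, ?, ?, ?)",
            (flow.ts, flow.src, flow.dst, flow.dst_port, len(flow.payload),
             hashlib.sha256(flow.payload).hexdigest(), ";".join(reasons)),
        )
        self.db.commit()
        return True

    def stored(self) -> list[tuple]:
        return self.db.execute(
            "SELECT src, dst, dst_port, reasons FROM suspicious ORDER BY ts"
        ).fetchall()


# Constructed sample traffic using documentation address ranges, not real hosts.
SAMPLE_FLOWS = [
    Flow(1.0, "10.0.0.5", "203.0.113.10", 443, b"GET / HTTP/1.1"),              # benign
    Flow(2.0, "10.0.0.5", "198.51.100.7", 443, b"GET / HTTP/1.1"),              # bad destination
    Flow(3.0, "10.0.0.8", "203.0.113.20", 4444, b"id;uname -a"),                # bad port
    Flow(4.0, "203.0.113.30", "10.0.0.5", 80, b"GET /../../etc/passwd HTTP/1.1"),  # bad content
    Flow(5.0, "10.0.0.9", "203.0.113.40", 80, b"GET /index.html HTTP/1.1"),     # benign
    Flow(6.0, "192.0.2.1", "192.0.2.2", 4444, b"not our asset"),                # no monitored asset
]


def run(flows=SAMPLE_FLOWS) -> list[tuple]:
    """Feed the flows through a fresh monitor and return the retained metadata rows."""
    monitor = Monitor()
    for flow in flows:
        monitor.observe(flow)
    return monitor.stored()


if __name__ == "__main__":
    for row in run():
        print(row)
```

Two design points worth noting. The database row deliberately holds no payload, only its length and SHA-256, which is what "metadata" means here and keeps the store from becoming a packet capture. The flip side of discarding non-suspicious metadata is that nothing remains for retrospective hunting when an indicator is added later; a deployment that needs that keeps a rolling window of all flow metadata in a separate, short-retention store rather than widening the suspicious-only table.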
12 Assignments
0 Petitions
Abstract
Systems and methods may determine suspicious network traffic. A monitoring system comprising a processor in communication with a network may monitor network traffic to or from an asset associated with the network. The monitoring system may assess the network traffic to determine a source and/or destination for the network traffic and/or content of the network traffic. The monitoring system may determine whether the network traffic is suspicious network traffic based on the assessed source and/or destination and/or content. When the network traffic is determined to be suspicious network traffic, the monitoring system may capture metadata associated with the suspicious network traffic and store the metadata in a database in communication with the processor. When the network traffic is not determined to be suspicious network traffic, the monitoring system may disregard metadata associated with the network traffic.
40 Citations
14 Claims
1. A method comprising: (reproduced in full under First Claim above; dependent claims 2 to 7 are not shown on this page)

8. A system comprising:
a database; and
a monitoring system comprising a processor in communication with a network and in communication with the database, the monitoring system being constructed and arranged to:
monitor network traffic to and/or from an asset associated with the network;
assess the network traffic to determine a source and/or destination for the network traffic and/or content of the network traffic;
determine whether the network traffic is suspicious network traffic based on the assessed source and/or destination and/or content;
when the network traffic is determined to be suspicious network traffic, capture metadata associated with the suspicious network traffic and store the metadata in the database; and
when the network traffic is not determined to be suspicious network traffic, disregard metadata associated with the network traffic.
(Dependent claims 9 to 14 are not shown on this page.)
Specification