SOFTWARE NETWORK BEHAVIOR ANALYSIS AND IDENTIFICATION SYSTEM
First Claim
1. A method comprising:
- detecting, at a detection module, an indicator corresponding to a suspicious software component, wherein the indicator is detected based on monitored network data of a network system and based on a plurality of network behavior profiles, at least one of the network behavior profiles including an ordered sequence of network actions;
determining, at an identification module, whether the indicator corresponds to any of the plurality of network behavior profiles; and
generating output data in response to a determination that the indicator corresponds to a particular network behavior profile of the plurality of network behavior profiles.
1 Assignment
0 Petitions
Accused Products
Abstract
A particular method includes detecting, at a detection module, an indicator corresponding to a suspicious software component, where the indicator is detected based on monitored network data of a network system and based on a plurality of network behavior profiles. At least one of the network behavior profiles includes an ordered sequence of network actions. The method further includes determining, at an identification module, whether the indicator corresponds to any of the plurality of network behavior profiles. The method further includes generating output data in response to a determination that the indicator corresponds to a particular network behavior profile of the plurality of network behavior profiles.
-
Citations
20 Claims
-
1. A method comprising:
-
detecting, at a detection module, an indicator corresponding to a suspicious software component, wherein the indicator is detected based on monitored network data of a network system and based on a plurality of network behavior profiles, at least one of the network behavior profiles including an ordered sequence of network actions; determining, at an identification module, whether the indicator corresponds to any of the plurality of network behavior profiles; and generating output data in response to a determination that the indicator corresponds to a particular network behavior profile of the plurality of network behavior profiles. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system comprising:
-
a processor; and a memory coupled to the processor, the memory storing instructions that, when executed by the processor, cause the processor to perform operations comprising; detecting, at a detection module, an indicator corresponding to a suspicious software component, wherein the indicator is detected based on monitored network data of a network system and based on a plurality of network behavior profiles, at least one of the network behavior profiles including an ordered sequence of network actions; determining, at an identification module, whether the indicator corresponds to any of the plurality of network behavior profiles; and generating output data in response to a determination that the indicator corresponds to a particular network behavior profile of the plurality of network behavior profiles. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A computer-readable storage device storing instructions that, when executed by a processor, cause the processor to perform operations comprising:
-
detecting, at a detection module, an indicator corresponding to a suspicious software component based on monitored network data of a network system and based on a plurality of network behavior profiles, at least one of the network behavior profiles including an ordered sequence of network actions; determining, at an identification module, whether the indicator corresponds to any of the plurality of network behavior profiles; and generating first output data in response to a determination that the indicator correspond to a particular network behavior profile of the plurality of network behavior profiles. - View Dependent Claims (19, 20)
-
Specification