NETWORK BEHAVIOR DATA COLLECTION AND ANALYTICS FOR ANOMALY DETECTION
Abstract
In one embodiment, a method includes receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network, processing the network traffic data at the analytics module, the network traffic data comprising process information, user information, and host information, and identifying at the analytics module, anomalies within the network traffic data based on dynamic modeling of network behavior. An apparatus and logic are also disclosed herein.
162 Citations
20 Claims
1. A method comprising:
- receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network;
- processing the network traffic data at the analytics module, the network traffic data comprising process information, user information, and host information; and
- identifying at the analytics module, anomalies within the network traffic data based on dynamic modeling of network behavior.
10. An apparatus comprising:
- an interface for receiving network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network; and
- a processor for processing the network traffic data, the network traffic data comprising process information, user information, and host information, and identifying at the network device, anomalies within the network traffic data based on dynamic modeling of network behavior.
17. Logic encoded on one or more non-transitory computer readable media for execution and when executed operable to:
- process network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network, the network traffic data comprising process information, user information, and host information; and
- identify anomalies within the network traffic based on dynamic modeling of network behavior.
Specification