INTRA-DATACENTER ATTACK DETECTION
Abstract
An example method can include receiving a traffic report from a sensor and using the traffic report to detect intra-datacenter flows. These intra-datacenter flows can then be compared with a description of historical flows. The description of historical flows can identify characteristics of normal and malicious flows. Based on the comparison, the flows can be classified and tagged as normal, malicious, or anomalous. If the flows are tagged as malicious or anomalous, corrective action can be taken with respect to the flows. A description of the flows can then be added to the description of historical flows.
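The classification loop the abstract describes, as an added Python example that is not taken from the patent. The address range, the flow key `(src, dst, dport)`, the fan-out rule used for the second-stage analysis, the choice to keep unreviewed flows out of the history, and the sample report are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

DATACENTER = ip_network("10.0.0.0/8")   # assumption: datacenter address space
FANOUT_LIMIT = 3                         # assumption: distinct new peers per (src, port)

def is_intra(flow):
    """A flow is intra-datacenter when both endpoints are inside DATACENTER."""
    return all(ip_address(flow[k]) in DATACENTER for k in ("src", "dst"))

def classify(report, history):
    """Tag intra-datacenter flows from one sensor report and update history.

    history maps (src, dst, dport) -> "normal" | "malicious".
    Returns {(src, dst, dport): tag} for the flows in this report.
    """
    tags, fanout = {}, defaultdict(set)
    for flow in filter(is_intra, report):
        key = (flow["src"], flow["dst"], flow["dport"])
        tags[key] = history.get(key, "anomalous")   # unseen flow -> anomalous
        if tags[key] == "anomalous":
            fanout[(flow["src"], flow["dport"])].add(flow["dst"])
    # Second stage: analyse anomalous flows to decide whether they are malicious.
    for key, tag in tags.items():
        src, _, dport = key
        if tag == "anomalous" and len(fanout[(src, dport)]) >= FANOUT_LIMIT:
            tags[key] = "malicious"
    # Record verdicts; anomalous flows stay out of history so that an
    # unreviewed flow is never learned as normal.
    history.update({k: t for k, t in tags.items() if t != "anomalous"})
    return tags

# Constructed sample data (not from the patent).
HISTORY = {("10.0.1.5", "10.0.2.9", 5432): "normal"}
REPORT = [
    {"src": "10.0.1.5", "dst": "10.0.2.9", "dport": 5432},    # known app -> db
    {"src": "10.0.1.5", "dst": "203.0.113.7", "dport": 443},  # extra-datacenter, skipped
    {"src": "10.0.3.8", "dst": "10.0.4.1", "dport": 8080},    # new, single peer
    {"src": "10.0.1.7", "dst": "10.0.2.1", "dport": 445},
    {"src": "10.0.1.7", "dst": "10.0.2.2", "dport": 445},
    {"src": "10.0.1.7", "dst": "10.0.2.3", "dport": 445},     # one source, many new peers
]

if __name__ == "__main__":
    for key, tag in classify(REPORT, dict(HISTORY)).items():
        print(key, tag)
```

Flows tagged anomalous but not escalated remain candidates for review on the next report, since they are not written back to the history.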
20 Claims
1. A computer-implemented method, comprising:
- capturing, by a datacenter analytics module that analyzes intra-datacenter flows and extra-datacenter flows, a subset of the intra-datacenter flows;
- obtaining, by the datacenter analytics module, a comparison of the subset of the intra-datacenter-data flows and historical flows;
- determining, by the datacenter analytics module, that the subset of the intra-datacenter flows corresponds to anomalous traffic based on the comparison; and
- analyzing, by the datacenter analytics module, the subset of the intra-datacenter flows to determine whether the subset of the intra-datacenter flows corresponds to malicious traffic.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A non-transitory computer-readable medium comprising instructions stored thereon, the instructions, when executed, cause a computing device, which analyzes intra-datacenter flows and extra-datacenter flows, to:
- capture a subset of the intra-datacenter flows;
- obtain a comparison of the subset of the intra-datacenter-data-flows and historical flows;
- determine that the subset of the intra-datacenter flows corresponds to anomalous traffic based on the comparison; and
- analyze the subset of the intra-datacenter flows to determine whether the subset of the intra-datacenter flows corresponds to malicious traffic.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification