NEAR REAL-TIME DETECTION OF SUSPICIOUS OUTBOUND TRAFFIC


Bibliographic details

Main authors: AHMAD NAVEED, BRIGGS REEVES HOPPE, DIPLACIDO MARCO, JEFFREY BRYAN ROBERT, LUO PENGCHENG
Format: Patent
Language: chi ; eng
Description

Abstract: Detecting emergent abnormal behavior in a computer network faster and more accurately allows the security of the network against malicious parties to be improved. To detect abnormal behavior, outbound traffic is examined from across several devices and processes in the network to identify rarely communicated-with destinations that are associated with rarely executed processes. As a given destination and process is used more frequently over time by the network, the level of suspicion associated with that destination and process is lowered, because large groups of devices are expected to behave the same way when operating properly and not under the control of a malicious party. Analysts are alerted in near real-time to the destinations associated with the activities deemed most suspicious.