Fast identification of violation and attack execution in network traffic patterns
Saved in:

| Field | Value |
|---|---|
| Main author | |
| Format | Patent |
| Language | chi ; eng |
| Subjects | |
| Online access | Order full text |
Summary: A method, apparatus and computer system for identifying threats on a TCP/IP-based network. The method utilizes a set of reference patterns (or "network spectrum") associated with one or more defined hazard indicators (IoC). At least one reference pattern is time-bounded, and a network traffic pattern is profiled using a set of session data (e.g., total amount, direction, traffic metadata) to determine a traffic pattern of the network. The set of session data is payload neutral and may be derived in part by time series compression of at least one constant coding interval. Network traffic data associated with a traffic pattern under test is received and encoded into a test spectrum. Stream-based real-time comparison is performed to determine whether the test spectrum matches any one of the reference spectra. In response to identifying a match, a given remedial or mitigation action is taken. The reference spectrum may represent a bi-directional stream or a multi-directional stream, and the multi-directional stre