ANOMALY INSPECTION APPLIANCE AND ANOMALY INSPECTION METHOD BASED ON CORRELATIONS OF PACKETS

Bibliographic details
Main authors: TSAI, Wen-Yen, HUANG, Hung-Sheng
Format: Patent
Language: eng ; fre ; ger
Description
Summary: A method and an appliance for anomaly inspection based on correlations of packets are disclosed. The appliance (1) includes a processing unit (13), a first communication channel (C1), and a second communication channel (C2), wherein the first communication channel (C1) transmits a first packet under a first communication protocol (16) and the second communication channel (C2) transmits a second packet under a second communication protocol (17). The processing unit (13) performs a field breakdown procedure on the first packet and the second packet to obtain the packet fields of each, matches the relevant fields of the two packets based on a correlation database (15), and computes the correlation of the relevant fields. An alarm is raised when the correlation of the relevant fields differs from an expected correlation type.