System and method for detecting sources of abnormal computer network messages

System and method for detecting sources of abnormal computer network messages

A system for detecting a source or destination of abnormal message traffic on a network, the system having: an abnormality detection engine configured to track messages between a plurality of sources and a plurality of destinations; and one or more abnormality detectors configured to: determine a ba...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Bowman, Don, Bedi, Harmeet Singh
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A system for detecting a source or destination of abnormal message traffic on a network, the system having: an abnormality detection engine configured to track messages between a plurality of sources and a plurality of destinations; and one or more abnormality detectors configured to: determine a bandwidth variation of a rate of messages to a destination, wherein determining the bandwidth variation comprises: generate a bandwidth counter for each destination; update the bandwidth counter based on the rate of messages to a destination; determine if a predetermined amount of time has passed; and compare values in the source and destination pair counter to a predetermined source and destination pair threshold and comparing values in the bandwidth counter to a predetermined steady rate of messages after the predetermined amount of time has passed to determine if there is abnormal message traffic related to a source or destination based on both comparisons.