Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring
Reexamination Certificate
2011-06-14
2011-06-14
Barot, Bharat N (Department: 2455)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network monitoring
C709S223000, C370S229000, C370S235000
Reexamination Certificate
active
07962611
ABSTRACT:
Methods, systems and computer program products for detecting flow-level network traffic anomalies via abstraction levels. An exemplary embodiment includes a method for detecting flow-level network traffic anomalies in a computer network, the method including: obtaining current distributions of flow-level traffic features within the computer network; computing distances of the current distributions' components from a distributions model; comparing the distances of the current distributions to distance baselines from the distributions model; determining whether the distances are above pre-determined thresholds; and, in response to one or more of the distances being above the pre-determined thresholds in one or more distributions, identifying the current condition as abnormal and providing indications of its nature.
REFERENCES:
patent: 7594014 (2009-09-01), Nakamura
patent: 7599293 (2009-10-01), Bain et al.
patent: 7860965 (2010-12-01), Bain et al.
patent: 7865582 (2011-01-01), Santos et al.
patent: 2007/0211635 (2007-09-01), Hao et al.
patent: 2009/0265784 (2009-10-01), Waizumi et al.
patent: 2010/0014420 (2010-01-01), Wang et al.
patent: 2010/0138919 (2010-06-01), Peng et al.
Mining Anomalies Using Traffic Feature Distributions, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.sigcomm.org/sigcomm2005/paper-LakCro.pdf.
Detectability of Traffic Anomalies in Two Adjacent Networks, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.cs.princeton.edu/~jrex/papera/pam07.pdfon.
Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.imconf.net/imc-2005/papers/im05efiles/gu/gu.pdf.
Sourcefire Vulnerability Research Team (VRT), [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.snort.org.
Chapter 2 Writing SNORT Rules: How To Write SNORT Rules And Keep Your Sanity, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.snort.org/docs/writing_rules/chap2.html.
Bro Intrusion Detection System, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.bro-ids.org.
OSSEC, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.ossec.net.
OSSEC, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://en.wikipedia.org/wiki/OSSEC.
Tripwire, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.tripwore.com.
SNORT - Lightweight Intrusion Detection for Networks, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.usenix.org/events/lisa99/full_papers/roesch/roesch.pdf.
Detection and Characterization of Port Scan Attacks, [online]; [retrieved on Mar. 26, 2008]; retrieved from the Internet http://www.cs.icsd.edu/users/clbailey/PortScans.pdf.
Hurley Paul T.
Kind Andreas
Stoecklin Marc Ph.
Barot Bharat N
Cantor & Colburn LLP
International Business Machines Corporation
Kaufman Stephen