Protocol based detection of suspicious network traffic
US10084816B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 26, 2015 |
| Grant date | Sep 25, 2018 |
| Priority date | — |
| Expiry date | Feb 4, 2036 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1458
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Embodiments of the present invention relate to identification of suspicious network traffic indicative of a Botnet and/or an Advanced Persistent Threat (APT) based on network protocol of such traffic. According to one embodiment, a traffic file is received at a network security device that is protecting a private network. The traffic file contains therein network traffic associated with the private network that has been captured and stored. The received traffic file is processed by the network security device to determine whether the network traffic relates to a network protocol that is indicative of existence of a network security threat within the private network. When existence of the network security threat is detected, then the network security device reports details regarding the network security threat.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.