Automatic detection of network threats based on modeling sequential behavior in network traffic
US10154051B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Aug 31, 2016 |
| Grant date | Dec 11, 2018 |
| Priority date | — |
| Expiry date | Sep 17, 2036 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06N3/084
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A computer-implemented data processing method comprises: executing a recurrent neural network (RNN) comprising nodes each implemented as a Long Short-Term Memory (LSTM) cell and comprising links between nodes that represent outputs of LSTM cells and inputs to LSTM cells, wherein each LSTM cell implements an input layer, hidden layer and output layer of the RNN; receiving network traffic data associated with networked computers; extracting feature data representing features of the network traffic data and providing the feature data to the RNN; classifying individual Uniform Resource Locators (URLs) as malicious or legitimate using LSTM cells of the input layer, wherein inputs to the LSTM cells are individual characters of the URLs, and wherein the LSTM cells generate feature representation; based on the feature representation, generating signals to a firewall device specifying either admitting or denying the URLs.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.