Patent · US Active

System and method for detecting sources of abnormal computer network messages

US10938694B2 · kind B2 · utility

Cited by: 0
References: 14
Claims: 9
Family size: 0

Inventors

Key dates

Filing date: May 11, 2020
Grant date: Mar 2, 2021
Priority date
Expiry date: May 11, 2040

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2101/37
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system for detecting a source or destination of abnormal message traffic on a network, the system having: an abnormality detection engine configured to track messages between a plurality of sources and a plurality of destinations; and one or more abnormality detectors configured to: determine a bandwidth variation of a rate of messages to a destination, wherein determining the bandwidth variation comprises: generate a bandwidth counter for each destination; update the bandwidth counter based on the rate of messages to a destination; determine if a predetermined amount of time has passed; and compare values in the source and destination pair counter to a predetermined source and destination pair threshold and comparing values in the bandwidth counter to a predetermined steady rate of messages after the predetermined amount of time has passed to determine if there is abnormal message traffic related to a source or destination based on both comparisons.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.