Patent · US Active

Port scan detection using destination profiles

US11770396B2 · kind B2 · utility

Cited by: 0
References: 22
Claims: 15
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 2, 2021
Grant date: Sep 26, 2023
Priority date
Expiry date: Dec 28, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1416
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method, including identifying, in network data traffic, a set of pairs of source and destination nodes, each pair having a given source node, a given destination node, and one or more ports accessed in the traffic between the nodes in each pair, and computing, for each pair, a respective baseline that indicates a first number of the ports that source nodes other than the given source node in the pair accessed on the given destination node during a first period. For each pair, a respective test score is computed that indicates a difference between a second number of the ports that the given source node in the pair accessed on the given destination node during a second period and the baseline, and a preventive action is initiated with respect to the given source node in any of the pairs for which the test score is greater than a threshold.
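The scoring described in the abstract, as an added example (not code from the patent or its assignee). It assumes the baseline is the count of distinct ports that other sources used on the destination during the first period and that the test score is a plain subtraction; the flow tuples, period labels, function names and threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flows: (period, source, destination, destination port).
FLOWS = (
    [
        ("baseline", "10.0.0.5", "10.0.1.10", 443),
        ("baseline", "10.0.0.6", "10.0.1.10", 443),
        ("baseline", "10.0.0.6", "10.0.1.10", 22),
        ("baseline", "10.0.0.7", "10.0.1.10", 8080),
        ("baseline", "10.0.0.5", "10.0.1.20", 445),
        ("test", "10.0.0.5", "10.0.1.10", 443),
        ("test", "10.0.0.6", "10.0.1.10", 22),
    ]
    + [("test", "10.0.0.7", "10.0.1.10", p) for p in range(20, 30)]
    + [("test", "10.0.0.7", "10.0.1.20", p) for p in (445, 3389)]
)


def ports_by_pair(flows, period):
    """Map (src, dst) -> set of distinct ports seen in the given period."""
    seen = defaultdict(set)
    for per, src, dst, port in flows:
        if per == period:
            seen[(src, dst)].add(port)
    return seen


def score_pairs(flows):
    """Return {(src, dst): (test_ports, baseline, score)} for pairs seen in the test period."""
    base = ports_by_pair(flows, "baseline")
    test = ports_by_pair(flows, "test")
    results = {}
    for (src, dst), ports in test.items():
        # Destination profile (assumed form): union of ports that sources
        # other than src accessed on dst during the baseline period.
        others = set()
        for (b_src, b_dst), b_ports in base.items():
            if b_dst == dst and b_src != src:
                others |= b_ports
        results[(src, dst)] = (len(ports), len(others), len(ports) - len(others))
    return results


def flag_sources(flows, threshold):
    """Sources with at least one pair whose test score exceeds the threshold."""
    scores = score_pairs(flows)
    return sorted({src for (src, _), (_, _, s) in scores.items() if s > threshold})
```

Because the baseline excludes the source being scored, a source's own earlier scanning does not raise the bar it is later measured against.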

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.