Network port profiling
US7290283B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jan 31, 2002 |
| Grant date | Oct 30, 2007 |
| Priority date | — |
| Expiry date | Aug 29, 2023 |
Classification
- Technology area (CPC Y)Emerging Cross-Sectional Technologies
- CPC primaryY02D30/50
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A port profiling system detects unauthorized network usage. The port profiling system analyzes network communications to determine the service ports being used. The system collects flow data from packet headers between two hosts or Internet Protocol (IP) addresses. The collected flow data is analyzed to determine the associated network service provided. A host data structure is maintained containing a profile of the network services normally associated with the host. If the observed network service is not one of the normal network services performed as defined by the port profile for that host, an alarm signal is generated and action can be taken based upon the detection of an Out of Profile network service. An Out of Profile operation can indicate the operation of a Trojan Horse program on the host, or the existence of a non-approved network application that has been installed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.