Patent · US Expired

Systems and methods for detecting network intrusions

US7500266B1 · kind B1 · utility

Cited by: 20
References: 2
Claims: 24
Family size: 0

Assignees

Inventors

Key dates

Filing date: Dec 3, 2002
Grant date: Mar 3, 2009
Priority date
Expiry date: Sep 19, 2024

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1416
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A device (120) processes traffic in a network. The device (120) obtains information corresponding to an activity between a group of source devices and one or more services of destination devices, measures, for each of the group of source devices, a behavior of the source activity in terms of independence and uniformity of access to the one or more services, and determines, for each of the group of source devices, whether the source activity includes probing based on the measured behavior. The device (120) also determines, for each of the group of source devices, a similarity factor representing a similarity between the source activity of one of the group of source devices and another of the group of source devices, compares the similarity factors for each pair of source devices to a threshold, and groups source devices when the similarity factor for those source devices is below the threshold.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.