Patent · US Active

Identification of potential network threats using a distributed threshold random walk

US7768921B2 · kind B2 · utility

3Cited by

2References

38Claims

0Family size

Assignee

Juniper Networks, Inc. · US

Inventors

Harshad Nakil · San Jose, US
Bryan Burns · Portland, US
Ankur Singla · San Jose, US

Key dates

Filing date	Oct 30, 2006
Grant date	Aug 3, 2010
Priority date	—
Expiry date	Oct 25, 2028

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1425
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

In general, the invention is directed to techniques of identifying an infected network device in a computer network where traffic to and from the infected network device is not necessarily routed through a single point on the computer network. For example, individual line cards in network devices count incoming network flows from network devices in host tables. The host tables of all line cards of all participating network devices are then correlated. It is then determined whether the number of flows from a network device outweighs the number of flows to the network device to a significant degree. If so, the network device may be considered suspicious. Packets from a suspicious network device may be rerouted to a network security device for more thorough inspection.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.