List-based alerting in traffic monitoring
US7969893B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 24, 2009 |
| Grant date | Jun 28, 2011 |
| Priority date | — |
| Expiry date | Jan 15, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L43/0882
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A technique for identifying deviations in patterns of data traffic between host devices communicating over a network involves establishing a baseline traffic distribution by categorizing data traffic during a learning period. The baseline traffic distribution includes a list of categories and a metric value and a measure of variability of the metric value for each category in the list. An observed traffic distribution is generated by categorizing data traffic during an observation period. The observed traffic distribution includes a list of categories and a metric value associated with each category in the list. An alarm is generated in response to at least one of the metric values of the categories of the observed traffic distribution deviating significantly from the corresponding metric value in the baseline traffic distribution based on a pair-wise comparison of the observed metric values with respective thresholds established for corresponding categories of the baseline traffic distribution.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.