Patent · US Active

Detecting anomalous network application behavior

US8185953B2 · kind B2 · utility

198 Cited by
14 References
23 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Mar 8, 2007
Grant date: May 22, 2012
Priority date
Expiry date: Jan 26, 2030

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1408
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

System and method for detecting anomalous network application behavior. Network traffic between at least one client and one or more servers may be monitored. The client and the one or more servers may communicate using one or more application protocols. The network traffic may be analyzed at the application-protocol level to determine anomalous network application behavior. Analyzing the network traffic may include determining, for one or more communications involving the client, if the client has previously stored or received an identifier corresponding to the one or more communications. If no such identifier has been observed in a previous communication, then the one or more communications involving the client may be determined to be anomalous. A network monitoring device may perform one or more of the network monitoring, the information extraction, or the information analysis.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.