Patent · US Active

Class discovery for automated discovery, attribution, analysis, and risk assessment of security threats

US8418249B1 · kind B1 · utility

Cited by: 222
References: 1
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 10, 2011
Grant date: Apr 9, 2013
Priority date
Expiry date: Nov 10, 2031

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/577
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method for profiling network traffic of a network. The method includes obtaining a signature library comprising a plurality of signatures corresponding to a plurality of behavioral models, generating, based on a first pre-determined criterion, a group behavioral model associated with the signature library, wherein the group behavioral model represents a common behavior of a plurality of historical flows identified from the network traffic, wherein each of the plurality of signatures correlates to a subset of the plurality of historical flows, selecting a flow in the network traffic for including in a target flow set, wherein the flow matches the group behavioral model without matching any of the plurality of behavioral models, analyzing the target flow set to generate a new signature, and adding the new signature to the signature library. Further, each behavioral model is generated from a kernel constructed using boosting of decision tree learning methods.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.