System and method of detecting malicious traffic while reducing false positives
US8776229B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Aug 28, 2013 |
| Grant date | Jul 8, 2014 |
| Priority date | — |
| Expiry date | Aug 28, 2033 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1458
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A system comprises a traffic analysis device and a network device. The traffic analysis device is configured to analyze network traffic received over a communication network and duplicate at least select network communications within the network traffic having characteristics associated with malicious traffic when determined through heuristic analysis to satisfy a heuristic threshold. The network device comprises a controller in communication with one or more virtual machines that are configured to (i) receive the duplicated network communications from the traffic analysis device, (ii) monitor a behavior of a first virtual machine of the one or more virtual machines in response to processing of the duplicated network communications within the first virtual machine, (iii) identify an anomalous behavior as an unexpected occurrence in the monitored behavior, and (iv) determine, based on the identified anomalous behavior, the presence of the malicious traffic in the duplicated network communications.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.