Patent · US Active

Methods, devices and computer program products for actionable alerting of malevolent network addresses based on generalized traffic anomaly analysis of IP address aggregates

US8874763B2 · kind B2 · utility

Cited by: 1
References: 5
Claims: 16
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 5, 2010
Grant date: Oct 28, 2014
Priority date
Expiry date: May 25, 2032

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/14
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Methods for providing alerts in a network are disclosed. Some methods include collecting network traffic data corresponding to multiple subsets of network addresses during a predefined time interval. A suspect subset of the subsets of network addresses that corresponds to anomalous network activity may be identified based on the network traffic data and using at least one of multiple anomaly detection metrics. A source network address within the suspect subset of network addresses that corresponds to the anomalous network activity is identified. An alert corresponding to the source network address may be generated.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.