Automated discovery, attribution, analysis, and risk assessment of security threats
US9094288B1 · kind B1 · utility
Key dates
| Filing date | Oct 26, 2011 |
| Grant date | Jul 28, 2015 |
| Priority date | — |
| Expiry date | Jan 20, 2033 |
Classification
- Technology area (CPC Y): Emerging Cross-Sectional Technologies
- CPC primary: Y02D30/50
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method for profiling network traffic of a network. The method includes obtaining a signature library comprising a plurality of signatures each representing first data characteristics associated with a corresponding application executing in the network, generating, based on a first pre-determined criterion, a group behavioral model associated with the signature library, wherein the group behavioral model represents a common behavior of a plurality of historical flows identified from the network traffic, wherein each of the plurality of signatures correlates to a subset of the plurality of historical flows, selecting a flow in the network traffic for including in a target flow set, wherein the flow matches the group behavioral model without being correlated to any corresponding application of the plurality of signatures, analyzing the target flow set to generate a new signature, and adding the new signature to the signature library.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.