Patent · US Active

Context aware network security monitoring for threat detection

US9215244B2 · kind B2 · utility

Cited by: 41
References: 13
Claims: 37
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 6, 2012
Grant date: Dec 15, 2015
Priority date
Expiry date: Dec 6, 2032

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04W12/64
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The disclosed method involves monitoring behavior of at least one node, associated with at least one user, in a network to generate a behavior profile for the user(s). The method further involves comparing the behavior profile for at least one user with a baseline behavior profile for the user(s). Also, the method involves determining when there is a difference between the behavior profile for at least one user and the baseline behavior profile for the user(s). Further, the method involves flagging an event associated with the difference: when the difference exceeds a baseline threshold level, does not exceed a baseline threshold level, meets at least one criterion, and/or does not meet at least one criterion. Additionally, the method involves classifying the event to an event classification. Further, the method involves transmitting the event to at least one other node in the network and/or a network operations center.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.