Method and apparatus for identifying a threatening network
US9276948B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 28, 2012 |
| Grant date | Mar 1, 2016 |
| Priority date | — |
| Expiry date | Jun 25, 2034 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1425
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A system and method for identifying a threatening network is provided. The system comprises a network movement before/after algorithm that provides a graphical plot of changes in networks' communications activity from before to after a key event occurs, so that an analyst is able to identify anomalous behavior; a network progression algorithm that provides a graphical plot to analyze behavior in small increments of time without specification or emphasis upon a particular event, so that the analyst is able to see a trend in behavioral changes; a statistical network anomaly ranking algorithm that provides as output a ranked list of the networks; and an anomaly trend graphs algorithm that analyzes and visualizes the networks' anomaly scores over time, so that the analyst is able to see which networks are consistently suspicious, which networks accumulate more suspiciousness in response to an event, and which networks are trending toward more suspiciousness.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.