Patent · US Active

Modeling and outlier detection in threat management system data

US9444836B2 · kind B2 · utility

4Cited by

0References

20Claims

0Family size

Assignee

AT&T Intellectual Property I, L.P. · US

Inventors

Jeremy Huntley Wright · Hackettstown, US
John Hogoboom · Boonton, US
Chaim Spielman · Spring Valley, US

Key dates

Filing date	Feb 29, 2016
Grant date	Sep 13, 2016
Priority date	—
Expiry date	Feb 29, 2036

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1416
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.