Detecting suspicious web traffic from an enterprise network
US9503468B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 28, 2015 |
| Grant date | Nov 22, 2016 |
| Priority date | — |
| Expiry date | Apr 28, 2035 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/101
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Methods, apparatus and articles of manufacture for detecting suspicious web traffic are provided herein. A method includes generating a database comprising information corresponding to each of multiple connections between one or more destinations external to an enterprise network and one or more hosts within the enterprise network, wherein said multiple connections occur over a given period of time; processing multiple additional connections between one or more destinations external to the enterprise network and one or more hosts within the enterprise network with one or more filtering operations to produce one or more filtered connections, wherein said multiple additional connections occur subsequent to said given period of time; and analyzing said filtered connections against the database to identify a connection to a destination external to the enterprise network that is not included in the information in the database.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.