System for identifying illegitimate communications between computers by comparing evolution of data flows

Assignee

• Lancaster University Business Enterprises Limited · GB

Inventors

• Plamen Angelov · Lancaster, GB
• Radovan Bruncak · Lancaster, GB
• David Bruce Hutchison · Lancaster, GB
• Steven Ray Simpson · Lancaster, GB
• Paul D. Smith · Lexington, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/16
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method and apparatus for identifying similar and coordinated communications between computers connected by a network are described. Communications between a plurality of pairs of computers are monitored to obtain respective flow metrics for a first and second pair of computers. The flow metric represents at least one property of the data flow between the pair of computers. Representations of the evolution of the data flows between the pairs of computers are updated using the flow metrics. The representations of the evolution of the data flows are compared to determine the similarity of the data flows between the pairs of computers. The first pair of computers and the second pair of computers are identified as exhibiting similar and coordinated communication if their data flows are determined to be similar.