Title of invention |
Apparatus and method for utilizing fourier transforms to characterize network traffic |
Abstract |
A non-transitory computer readable storage medium, comprising executable instructions to collect network traffic data, produce a Fourier signature from the network traffic data, associate the Fourier signature with a known pattern, collect new network traffic data, produce a new Fourier signature from the new network traffic data, compare the new Fourier signature with the Fourier signature to selectively identify a match and associate the new network traffic data with the known pattern upon a match. |
Publication number |
US9491070(B2) |
Publication date |
2016.11.08 |
Application number |
US201313861655 |
Filing date |
2013.04.12 |
Applicant |
Symantec Corporation |
Inventors |
Wood Matthew S.;Levy Joseph H. |
Classification numbers |
G06F15/173;H04L12/26;H04L12/24;G06F21/55;H04L29/06 |
Main classification number |
G06F15/173 |
Agency |
Baker Botts L.L.P. |
Agent |
Baker Botts L.L.P. |
Main claim |
1. A machine, comprising:
a processor; and
a memory connected to the processor, the memory storing instructions executed by the processor to:
collect packet based network traffic timing data into an array;
form a histogram by binning the array into individual bins representing units of time;
produce a Fourier signature from the packet based network traffic timing data, wherein the instructions to produce include instructions to use each bin as a binary amplitude signal measurement that is Fourier transformed;
associate the Fourier signature with a known pattern associated with a dangerous application or user;
add the Fourier signature to a Fourier signature library comprising previously produced Fourier signatures associated with dangerous applications or users;
collect new packet based network traffic timing data into a new array;
form a histogram by binning the new array into individual bins representing units of time;
produce a new Fourier signature from the new packet based network traffic timing data, wherein the instructions to produce include instructions to use each bin as a binary amplitude signal measurement that is Fourier transformed;
compare the new Fourier signature with the Fourier signature of the Fourier signature library to selectively identify a Fourier signature match;
associate the new network traffic data with the known pattern upon the Fourier signature match; and
take computer security prophylactic actions against the dangerous application or user in response to the Fourier signature match. |
Address |
Mountain View CA US |
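
The pipeline in the main claim (timing array, time-binned histogram, binary amplitude per bin, Fourier transform, library comparison), as an added Python sketch that is not taken from the patent. Assumptions: a bin is 1 when any packet falls in it, the signature is the normalised DFT magnitude spectrum, matching uses cosine similarity with a 0.8 threshold, and all traces and the label `beacon-10s` are constructed.

```python
import cmath
import math

def binary_histogram(timestamps, bin_width=1.0, n_bins=200):
    """Bin arrival times (seconds); a bin is 1 if any packet landed in it."""
    bins = [0] * n_bins
    for t in timestamps:
        i = int(t // bin_width)
        if 0 <= i < n_bins:
            bins[i] = 1
    return bins

def fourier_signature(bins):
    """Unit-length DFT magnitude spectrum with the DC term dropped.
    Magnitudes ignore phase, so a time-shifted trace gives the same signature."""
    n = len(bins)
    on = [pos for pos, b in enumerate(bins) if b]
    mags = [abs(sum(cmath.exp(-2j * math.pi * k * pos / n) for pos in on))
            for k in range(1, n // 2 + 1)]
    norm = math.sqrt(sum(m * m for m in mags)) or 1.0
    return [m / norm for m in mags]

def classify(timestamps, library, threshold=0.8):
    """Return (label, score) for the best library match; label is None below
    the threshold. Cosine similarity and 0.8 are assumptions, not the claim's."""
    sig = fourier_signature(binary_histogram(timestamps))
    label, score = max(((name, sum(a * b for a, b in zip(sig, ref)))
                        for name, ref in library.items()), key=lambda p: p[1])
    return (label if score >= threshold else None), score

# Constructed sample traces (packet arrival times in seconds).
KNOWN_BEACON = [10.0 * i for i in range(20)]          # check-in every 10 s
LIBRARY = {"beacon-10s": fourier_signature(binary_histogram(KNOWN_BEACON))}
SHIFTED_BEACON = [3.5 + 10.0 * i for i in range(20)]  # same period, later start
OTHER_TRAFFIC = [7.0 * i for i in range(29)]          # 7 s period, not in library

if __name__ == "__main__":
    for name, trace in [("shifted", SHIFTED_BEACON), ("other", OTHER_TRAFFIC)]:
        print(name, classify(trace, LIBRARY))
```

Because only magnitudes are compared, the trace that starts 3.5 s later still matches the library entry, while the 7 s trace scores far below the threshold.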