Title of invention: Apparatus and method for utilizing Fourier transforms to characterize network traffic
Abstract: A non-transitory computer readable storage medium, comprising executable instructions to collect network traffic data, produce a Fourier signature from the network traffic data, associate the Fourier signature with a known pattern, collect new network traffic data, produce a new Fourier signature from the new network traffic data, compare the new Fourier signature with the Fourier signature to selectively identify a match and associate the new network traffic data with the known pattern upon a match.
Publication number: US9491070(B2) | Publication date: 2016.11.08
Application number: US201313861655 | Filing date: 2013.04.12
Applicant: Symantec Corporation | Inventors: Wood Matthew S.; Levy Joseph H.
Classification: G06F15/173;H04L12/26;H04L12/24;G06F21/55;H04L29/06 | Main classification: G06F15/173
Agency: Baker Botts L.L.P. | Agent: Baker Botts L.L.P.
Main claim: 1. A machine, comprising: a processor; and a memory connected to the processor, the memory storing instructions executed by the processor to: collect packet based network traffic timing data into an array; form a histogram by binning the array into individual bins representing units of time; produce a Fourier signature from the packet based network traffic timing data, wherein the instructions to produce include instructions to use each bin as a binary amplitude signal measurement that is Fourier transformed; associate the Fourier signature with a known pattern associated with a dangerous application or user; add the Fourier signature to a Fourier signature library comprising previously produced Fourier signatures associated with dangerous applications or users; collect new packet based network traffic timing data into a new array; form a histogram by binning the new array into individual bins representing units of time; produce a new Fourier signature from the new packet based network traffic timing data, wherein the instructions to produce include instructions to use each bin as a binary amplitude signal measurement that is Fourier transformed; compare the new Fourier signature with the Fourier signature of the Fourier signature library to selectively identify a Fourier signature match; associate the new network traffic data with the known pattern upon the Fourier signature match; and take computer security prophylactic actions against the dangerous application or user in response to the Fourier signature match.
Address: Mountain View CA US
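
The steps in the main claim above (bin packet timing, treat each bin as a binary amplitude, Fourier transform, compare against a signature library), as an added Python example that is not code from the patent or from the applicant. The bin width, window length, cosine-similarity metric, 0.9 threshold, the `beacon-8s` label and the sample captures are assumptions made here; the claim does not specify them. Using only the magnitude spectrum means a periodic flow that starts at a different offset still matches.

```python
import cmath, math, random

BIN_WIDTH = 1.0   # seconds per histogram bin (assumed)
N_BINS = 256      # capture window length in bins (assumed)
THRESHOLD = 0.9   # cosine-similarity cutoff (assumed; the claim names no metric)

def binarize(timestamps, t0=0.0):
    """Bin packet arrival times; a bin is 1 if any packet fell in it, else 0."""
    bits = [0] * N_BINS
    for t in timestamps:
        idx = int((t - t0) // BIN_WIDTH)
        if 0 <= idx < N_BINS:          # ignore packets outside the window
            bits[idx] = 1
    return bits

def fourier_signature(timestamps):
    """Unit-norm one-sided DFT magnitude spectrum (DC dropped) of the binary bins."""
    on = [i for i, b in enumerate(binarize(timestamps)) if b]
    mags = [abs(sum(cmath.exp(-2j * cmath.pi * k * i / N_BINS) for i in on))
            for k in range(1, N_BINS // 2 + 1)]
    norm = math.sqrt(sum(m * m for m in mags))
    # An empty or constant capture has no spectral shape; return a zero vector.
    return [m / norm for m in mags] if norm > 1e-9 else [0.0] * len(mags)

def similarity(a, b):
    """Cosine similarity of two unit-norm signatures."""
    return sum(x * y for x, y in zip(a, b))

def classify(timestamps, library):
    """Return (label, score) of the best library match, or (None, score) below threshold."""
    sig = fourier_signature(timestamps)
    label, score = max(((name, similarity(sig, ref)) for name, ref in library.items()),
                       key=lambda p: p[1], default=(None, 0.0))
    return (label, score) if score >= THRESHOLD else (None, score)

# Constructed sample captures (arrival times in seconds), not real traffic.
known_beacon = [8 * k + 0.1 for k in range(32)]        # one packet every 8 s
new_beacon = [3 + 8 * k + 0.4 for k in range(32)]      # same period, shifted start
rng = random.Random(7)
irregular = sorted(rng.uniform(0, 256) for _ in range(90))  # aperiodic traffic

LIBRARY = {"beacon-8s": fourier_signature(known_beacon)}  # hypothetical label

if __name__ == "__main__":
    for name, cap in [("new_beacon", new_beacon), ("irregular", irregular), ("empty", [])]:
        print(name, classify(cap, LIBRARY))
```

A flow with a related period (for example one packet every 16 s) shares harmonics with the 8 s signature and scores about 0.71 under these assumptions, so the threshold directly controls how many near-miss periods are flagged.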