Title of invention: Traffic anomaly analysis for the detection of aberrant network code
Abstract: A method for detecting nodes in an enterprise network infected with aberrant code is presented in which traffic conversation information representative of traffic conversation in the enterprise network over an analysis period is obtained. Analysis of the obtained traffic conversation information identifies suspected infected nodes in the enterprise network that exhibit behavior outside of the normal behavior associated with the one or more traffic conversation factors. Anomaly analysis may be performed on traffic conversation information associated with the suspected infected nodes to identify any existing infected nodes in the enterprise network.
Publication number: US9467462(B2) Publication date: 2016.10.11
Application number: US200511227763 Filing date: 2005.09.15
Applicant: Hewlett Packard Enterprise Development LP Inventor: Reves Joseph P.
Classification: H04J3/14;H04L29/06 Main classification: H04J3/14
Agency: The Law Office of Jessica Costa PC Agent: The Law Office of Jessica Costa PC
Independent claim: 1. A method, comprising: obtaining a first plurality of values representative of data transported via respective ones of a plurality of traffic conversations within an enterprise network during an analysis period; computing, via a processor, a statistical attribute of the first plurality of values; computing, via the processor, a threshold based on the computed statistical attribute; comparing the first plurality of values to the computed threshold to identify a subset of nodes of the enterprise network suspected of including aberrant code; and identifying from the subset of nodes a first node as including the aberrant code based on a second plurality of values characterizing destinations contacted by respective ones of the subset of nodes.
Address: Houston TX US