Title of invention: INTRA-DATACENTER ATTACK DETECTION
Abstract: An example method can include receiving a traffic report from a sensor and using the traffic report to detect intra-datacenter flows. These intra-datacenter flows can then be compared with a description of historical flows. The description of historical flows can identify characteristics of normal and malicious flows. Based on the comparison, the flows can be classified and tagged as normal, malicious, or anomalous. If the flows are tagged as malicious or anomalous, corrective action can be taken with respect to the flows. A description of the flows can then be added to the description of historical flows.
Application publication number: US2016359877(A1) Publication date: 2016.12.08
Application number: US201615145630 Filing date: 2016.05.03
Applicant: Cisco Technology, Inc. Inventors: Kulshreshtha Ashutosh; Rao Supreeth Hosur Nagesh; Yadav Navindra; Gupta Anubhav; Gupta Sunil Kumar; Malhotra Varun Sagar; Gandham Shashidhar
Classification: H04L29/06; H04L12/26 Main classification: H04L29/06
Agency: Agent:
Independent claim: 1. A computer-implemented method, comprising: capturing, by a datacenter analytics module that analyzes intra-datacenter flows and extra-datacenter flows, a subset of the intra-datacenter flows; obtaining, by the datacenter analytics module, a comparison of the subset of the intra-datacenter-data flows and historical flows; determining, by the datacenter analytics module, that the subset of the intra-datacenter flows corresponds to anomalous traffic based on the comparison; and analyzing, by the datacenter analytics module, the subset of the intra-datacenter flows to determine whether the subset of the intra-datacenter flows corresponds to malicious traffic.
Address: San Jose CA US