Abstract

The present invention passively monitors computer network traffic to determine when a potential network attack is underway. The system, method and computer program product initiate the process using a learning mode that identifies unique source and destination Internet Protocol (IP) address pairs. Then the frequency of these IP pairs is computed for multiple periods. In the analyze mode, the frequency for each IP pair is statistically analyzed and a threshold is set based on rules. In the run mode, the frequency of IP pairs is computed and compared to the thresholds. If a threshold is crossed, an alert is generated that a network administrator or other user can react to.
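
The three modes described above, sketched as an added example that is not code from the patent. The threshold rule (mean plus `k` standard deviations, with a minimum `floor`), the handling of pairs never seen during learning, and all function names and sample flows are assumptions made for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample (src, dst) pairs using documentation address ranges.
PAIR_WEB = ("192.0.2.10", "198.51.100.5")
PAIR_DB = ("192.0.2.11", "198.51.100.5")
PAIR_NEW = ("203.0.113.9", "198.51.100.5")

def learn(periods):
    """Learning mode: find unique IP pairs, then count each pair per period."""
    pairs = {pair for period in periods for pair in period}
    history = {pair: [] for pair in pairs}
    for period in periods:
        counts = Counter(period)
        for pair in pairs:
            history[pair].append(counts[pair])  # 0 if the pair was silent
    return history

def analyze(history, k=3.0, floor=5):
    """Analyze mode: one threshold per pair (assumed rule: mean + k*stddev)."""
    return {pair: max(floor, mean(freqs) + k * pstdev(freqs))
            for pair, freqs in history.items()}

def run(period, thresholds, unknown_limit=0):
    """Run mode: compare this period's counts to the thresholds.

    Pairs absent from learning get `unknown_limit` (an assumption; the
    abstract does not say how unseen pairs are treated).
    """
    alerts = []
    for pair, count in sorted(Counter(period).items()):
        limit = thresholds.get(pair, unknown_limit)
        if count > limit:
            alerts.append((pair, count, limit))
    return alerts

def demo():
    # Constructed traffic: three learning periods, then one run period.
    learning = [
        [PAIR_WEB] * 10 + [PAIR_DB] * 2,
        [PAIR_WEB] * 12 + [PAIR_DB] * 3,
        [PAIR_WEB] * 11 + [PAIR_DB] * 1,
    ]
    thresholds = analyze(learn(learning))
    current = [PAIR_WEB] * 40 + [PAIR_DB] * 3 + [PAIR_NEW]
    return thresholds, run(current, thresholds)

if __name__ == "__main__":
    for pair, count, limit in demo()[1]:
        print(f"ALERT {pair[0]} -> {pair[1]}: {count} > {limit:.2f}")
```

With a near-constant baseline the standard deviation approaches zero, so the `floor` keeps quiet pairs from alerting on a single extra packet.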