Title of invention: METHOD AND SYSTEM FOR DETECTING THREATS USING PASSIVE CLUSTER MAPPING
Abstract: An approach for detecting network threats is disclosed that may involve receiving network traffic, plotting the network traffic in an n-dimensional feature space to form a network map, generating a client signature at least by placing new client points in the map, setting a threshold, and generating an alarm if one or more client activity points exceed the threshold. In some embodiments, the network map and the client signature are updated using sliding windows and distance calculations.
Publication number: US2016149936(A1) Publication date: 2016.05.26
Application number: US201514944128 Filing date: 2015.11.17
Applicant: Vectra Networks, Inc. Inventors: Pegna David Lopes; Beauchesne Nicolas
Classification: H04L29/06; H04L29/08 Main classification: H04L29/06
Agency: Agent:
Principal claim: 1. A method for detecting network threats, comprising: receiving network traffic generated by a plurality of clients in a network; mapping the network traffic in a network feature space as a first set of client points; forming client groups from the first set of client points, wherein points in a client group share a center point; generating client signature data based at least in part on distances from a second set of client points to one or more of the client groups; and generating alarm data in response to one or more client activity events exceeding a threshold.
Address: San Jose CA US