Title of invention |
DETECTING AND MANAGING ABNORMAL DATA BEHAVIOR |
Abstract |
Methods and systems for providing destination-specific network management are described. One example method includes determining a normal data movement profile for a computing device based on observed normal data transfer behavior by the computing device; identifying a data movement rule associated with the computing device, the data movement rule including a deviation amount, and one or more actions to take when the computing device deviates from the normal data movement profile by more than the deviation amount; detecting a data movement associated with the computing device; determining that the detected data movement exceeds the deviation amount included in the data movement rule relative to the normal data movement profile for the computing device; and performing the one or more actions associated with the data movement rule upon determining that the data movement violates the data movement rule. |
Application publication number |
US2016072848(A1) |
Application publication date |
2016.03.10 |
Application number |
US201514944057 |
Application date |
2015.11.17 |
Applicant |
iboss, Inc. |
Inventors |
Martini Paul Michael;Martini Peter Anthony |
Classification number |
H04L29/06;H04L29/08 |
Main classification number |
H04L29/06 |
Agency |
|
Agent |
|
Main claim |
1. A method performed by one or more processors, the method comprising:
identifying one or more data movements performed by a particular computing device over a network;
determining a normal data movement profile for the particular computing device based on one or more identified data transfers during a particular time period, the normal data movement profile including one or more normal data movement attributes associated with the particular computing device;
identifying a data movement rule associated with the particular computing device, the data movement rule including a deviation amount representing a difference between an attribute of a detected data movement by the particular computing device and a corresponding normal data movement attribute included in the normal data movement profile for the particular computing device that indicates a violation of the data movement rule, and the data movement rule including one or more actions to be performed in response to a violation;
detecting a data movement associated with the particular computing device;
determining that the detected data movement represents a violation of the data movement rule; and
performing the one or more actions associated with the data movement rule upon determining that the detected data movement represents a violation of the data movement rule. |
Address |
San Diego CA US |