Title of Invention |
Network Traffic Analysis to Enhance Rule-Based Network Security |
Abstract |
A method of interpreting a rule and a rule-interpreting apparatus for a rule-based security apparatus, and an apparatus implementing the method. The method comprises the following steps: designating a suspicious timeslot; if any packet is not present in the designated timeslot, capturing current incoming packets or capturing other incoming packets in the designated timeslot next time; automatically associating the packets in the designated timeslot to form at least one traffic flow corresponding to a connection or call; analyzing the at least one traffic flow to select at least one suspicious target traffic flow; and outputting the at least one selected suspicious target flow. |
Publication Number |
US2015350161(A1) |
Publication Date |
2015.12.03 |
Application Number |
US201414448705 |
Filing Date |
2014.07.31 |
Applicant |
International Business Machines Corporation |
Inventors |
Hsu Sheng-Tung;Lee Chien Pang;Yao Pei-Chun |
Classification Number |
H04L29/06 |
Main Classification Number |
H04L29/06 |
Agency |
|
Agent |
|
Principal Claim |
1. A method of capturing packets applied to a rule-based security apparatus, comprising steps of:
designating a suspicious timeslot; automatically associating packets in the designated timeslot to form at least one traffic flow corresponding to a connection; analyzing the at least one traffic flow to select at least one suspicious target traffic flow; and outputting the at least one selected suspicious target traffic flow. |
Address |
Armonk NY US |