| 发明名称 |
COMPUTER NETWORKS |
| 摘要 |
A method and apparatus for identifying similar and coordinated communications between computers connected by a network are described. Communications between a plurality of pairs of computers are monitored to obtain respective flow metrics for a first and second pair of computers. The flow metric represents at least one property of the data flow between the pair of computers. Representations of the evolution of the data flows between the pairs of computers are updated using the flow metrics. The representations of the evolution of the data flows are compared to determine the similarity of the data flows between the pairs of computers. The first pair of computers and the second pair of computers are identified as exhibiting similar and coordinated communication if their data flows are determined to be similar. |
| 申请公布号 |
US2015304198(A1) |
申请公布日期 |
2015.10.22 |
| 申请号 |
US201514677283 |
申请日期 |
2015.04.02 |
| 申请人 |
Lancaster University Business Enterprises Ltd. |
发明人 |
ANGELOV Plamen;BRUNCAK Radovan;HUTCHISON David;SIMPSON Steven;SMITH Paul |
| 分类号 |
H04L12/26;H04L29/06 |
主分类号 |
H04L12/26 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A real-time method of identifying similar and coordinated communications between a plurality of computers connected by a network, the method comprising:
monitoring communications between a plurality of pairs of computers over the network to obtain a first flow metric for a first pair of computers and a second flow metric for a second pair of computers, wherein the first flow metric represents at least one property of a first data flow between the first pair of computers and the second flow metric represents at least one property of a second data flow between the second pair of computers; updating a representation of the evolution of the first data flow between the first pair of computers using the first flow metric or updating a representation of the evolution of the second data flow between the second pair of computers using the second flow metric; comparing the representation of the evolution of the first data flow and the representation of the evolution of the second data flow to determine the similarity of the first data flow and the second data flow; and identifying the first pair of computers and the second pair of computers as exhibiting similar and coordinated communication if the first data flow and second data flow are determined to be similar. |
| 地址 |
Lancaster GB |
