摘要 |
Methods, apparatus and computer program products that protect networks from malware and botnet activity include collecting xFlow data associated with a network, analyzing the collected xFlow data to detect anomalous traffic on the network, investigating the presence of malware on the network in response to detecting anomalous traffic on the network, and taking remedial action to eradicate and/or isolate malware detected on the network. Collecting xFlow data includes capturing xFlow data at a router that connects the network and a communications network, and sending the captured xFlow data to a local or remote xFlow collector. Analyzing collected xFlow data, locally or remotely, to detect anomalous traffic includes applying one or more activity profiling algorithms to the xFlow data.
|