摘要 |
<p>Embodiments of the invention are concerned with a method of, and apparatus for, identifying types of network behaviour for use in identifying aberrant network behaviour. In particular, embodiments are concerned with identifying email viruses. The method comprises the steps of: collecting data representative of network traffic that has travelled over a network; training a classification means to recognise a plurality of network behaviour types from the collected data; and for unseen data travelling over the network, classifying the unseen data into one of the defined network behaviour types. <IMAGE></p> |