Network surveillance
Abstract
A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and at least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.
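As an added illustration (not code from the patent or its assignee), the sketch below applies the long-term/short-term profile comparison described in the abstract to a connection-outcome measure. The exponential aging factors, the chi-square-like score, the threshold, the warm-up length and the sample events are all assumptions chosen for this example.

```python
from collections import defaultdict

class Profile:
    """Exponentially aged category frequencies for one measure."""
    def __init__(self, decay):
        self.decay = decay                  # assumed aging factor; nearer 1.0 = longer memory
        self.weights = defaultdict(float)

    def update(self, category):
        for key in self.weights:
            self.weights[key] *= self.decay
        self.weights[category] += 1.0

    def distribution(self):
        total = sum(self.weights.values())
        return {k: w / total for k, w in self.weights.items()} if total else {}

def divergence(short, long_, floor=1e-3):
    """Chi-square-like distance of the short-term profile from the long-term one.
    The floor keeps a category the baseline has never seen from dividing by zero."""
    st, lt = short.distribution(), long_.distribution()
    return sum((st.get(k, 0.0) - lt.get(k, 0.0)) ** 2 / max(lt.get(k, 0.0), floor)
               for k in set(st) | set(lt))

def monitor(events, threshold=2.0, warmup=200):
    """Return (index, score) for every event whose short-term profile deviates."""
    long_term, short_term = Profile(0.999), Profile(0.9)
    alerts = []
    for i, outcome in enumerate(events):
        short_term.update(outcome)
        score = divergence(short_term, long_term) if i >= warmup else 0.0
        if score > threshold:
            alerts.append((i, round(score, 2)))
        else:
            long_term.update(outcome)       # suspicious intervals are kept out of the baseline
    return alerts

def constructed_events():
    """Constructed sample: 5% refused connections, then 40 refusals in a row, then normal."""
    normal = lambda i: "refused" if i % 20 == 19 else "established"
    return ([normal(i) for i in range(300)] + ["refused"] * 40
            + [normal(i) for i in range(60)])

if __name__ == "__main__":
    for index, score in monitor(constructed_events()):
        print(f"event {index}: deviation score {score}")
```

Skipping the long-term update while an alert is active is a design choice of this sketch: it stops a sustained anomaly from being absorbed into the baseline it is measured against.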
27 Claims

1. A method of network surveillance, comprising:
- receiving network packets handled by a network entity;
- building at least one long-term and at least one short-term statistical profile from at least one measure of the network packets, the at least one measure monitoring data transfers, errors, or network connections;
- comparing at least one long-term and at least one short-term statistical profile; and
- determining whether the difference between the short-term statistical profile and the long-term statistical profile indicates suspicious network activity.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A method of network surveillance, comprising:
- monitoring network packets handled by a network entity;
- building a long-term and multiple short-term statistical profiles of the network packets;
- comparing one of the multiple short-term statistical profiles with the long-term statistical profile; and
- determining whether the difference between the one of the multiple short-term statistical profiles and the long-term statistical profile indicates suspicious network activity.

Dependent claims: 22, 23

24. A computer program product, disposed on a computer readable medium, the product including instructions for causing a processor to:
- receive network packets handled by a network entity;
- build at least one long-term and at least one short-term statistical profile from at least one measure of the network packets, the measure monitoring data transfers, errors, or network connections;
- compare at least one short-term and at least one long-term statistical profile; and
- determine whether the difference between the short-term statistical profile and the long-term statistical profile indicates suspicious network activity.

25. A method of network surveillance, comprising:
- receiving packets at a virtual private network entity; and
- building at least one long-term and at least one short-term statistical profile based on the received packets, and comparing at least one long-term statistical profile with at least one short-term statistical profile to determine whether the packets indicate suspicious network activity.

Dependent claims: 26, 27

Specification