- Patent Title: Anomaly detection based on connection requests in network traffic
- Application No.: US16050368
- Application Date: 2018-07-31
- Publication No.: US10587633B2
- Publication Date: 2020-03-10
- Inventor: Sudhakar Muddu, Christos Tryfonas, Marios Iliofotou
- Applicant: Splunk Inc.
- Applicant Address: US CA San Francisco
- Assignee: SPLUNK INC.
- Current Assignee: SPLUNK INC.
- Current Assignee Address: US CA San Francisco
- Agency: Perkins Coie LLP
- Main IPC: H04L9/00
- IPC: H04L9/00; H04L29/06; G06N20/00; G06F16/25; G06F16/28; G06F16/44; G06F16/901; G06F16/2457; H04L12/26; G06N7/00; G06F3/0482; G06K9/20; G06F3/0484; H04L12/24; G06N5/04; G06N5/02

Abstract:
The disclosed embodiments include a method performed by a computer system. The method includes forming groups of traffic, where each group includes a subset of detected connection requests. The method further includes determining a periodicity of connection requests for each group, identifying a particular group based on whether the periodicity of connection requests of the particular group satisfies a periodicity criterion, determining a frequency of the particular group in the traffic, and identifying the particular group as an anomaly based on whether the frequency of the particular group satisfies a frequency criterion.
Public/Granted literature
- US20180367551A1 ANOMALY DETECTION BASED ON CONNECTION REQUESTS IN NETWORK TRAFFIC (Public/Granted day: 2018-12-20)