公开(公告)号：US20140007237A1

公开(公告)日：2014-01-02

申请号：US14016162

申请日：2013-09-02

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jeremy Wright ,  John Hogoboom ,  Chaim Spielman

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/552 ,  H04L63/1416

Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.

Abstract translation: 提供了用于基于端点之间的通信中的异常行为来识别网络上的潜在威胁的方法，系统和计算机可读介质。 网络的流量数据在一段时间内累积。 交通数据由一个或多个键（例如源IP地址）分组，并且针对密钥计算度量值集合。 混合分布，例如负二项式混合分布，适合于每组度量值，并且基于混合分布来确定偏离度量值。 然后生成异常值列表，其包括在度量值集合中的一个或多个集合中具有超出度量值的密钥值。

公开(公告)号：US09276949B2

公开(公告)日：2016-03-01

申请号：US14016162

申请日：2013-09-02

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jeremy Wright ,  John Hogoboom ,  Chaim Spielman

IPC: H04L29/06 ,  G06F21/55

CPC classification number: H04L63/1425 ,  G06F21/552 ,  H04L63/1416

Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.

公开(公告)号：US09444836B2

公开(公告)日：2016-09-13

申请号：US15056670

申请日：2016-02-29

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jeremy Wright ,  John Hogoboom ,  Chaim Spielman

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/552 ,  H04L63/1416

Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.

公开(公告)号：US20160182552A1

公开(公告)日：2016-06-23

申请号：US15056670

申请日：2016-02-29

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jeremy Wright ,  John Hogoboom ,  Chaim Spielman

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/552 ,  H04L63/1416

Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.

Abstract translation: 提供了用于基于端点之间的通信中的异常行为来识别网络上的潜在威胁的方法，系统和计算机可读介质。 网络的流量数据在一段时间内累积。 交通数据由一个或多个键（例如源IP地址）分组，并且针对密钥计算度量值集合。 混合分布，例如负二项式混合分布，适合于每组度量值，并且基于混合分布来确定偏离度量值。 然后生成异常值列表，其包括在度量值集合中的一个或多个集合中具有超出度量值的密钥值。