-
Publication (Announcement) No.: US10834106B2
Publication (Announcement) Date: 2020-11-10
Application No.: US16150731
Application Date: 2018-10-03
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Yaron Koral, Rensheng Wang Zhang, Eric Noel, Patrick Velardo, Jr., Swapna Buccapatnam Tirumala
Abstract: A method may include a processing system assigning samples of network traffic data to positions in a list, where each of the samples is assigned a cluster identifier corresponding to the respective position, and traversing the list, where for each position, the processing system: increments an order indicator, and when the cluster identifier is not less than the order indicator, computes a distance between a sample assigned to the position and other samples, records a cluster identifier of another sample when a distance between the sample and the other sample is less than a threshold distance, and assigns a minimum cluster identifier that is recorded to all of the samples with cluster identifiers that are recorded. The processing system may determine clusters from cluster identifiers in the list after the traversing and identify at least one cluster as representing anomalous network traffic data.
-
Publication (Announcement) No.: US11470101B2
Publication (Announcement) Date: 2022-10-11
Application No.: US16150834
Application Date: 2018-10-03
Inventor: Yaron Koral, Rensheng Wang Zhang, Eric Noel, Patrick Velardo, Jr., Richard Hellstern, Swapna Buccapatnam Tirumala, Anestis Karasaridis
Abstract: A method may include a processing system having at least one processor obtaining a first plurality of domain name system traffic records, generating an input aggregate vector from the first plurality of domain name system traffic records, where the input aggregate vector comprises a plurality of features derived from the first plurality of domain name system traffic records, and applying an encoder-decoder neural network to the input aggregate vector to generate a reconstructed vector, where the encoder-decoder neural network is trained with a plurality of aggregate vectors generated from a second plurality of domain name system traffic records. In one example, the processing system may then calculate a distance between the input aggregate vector and the reconstructed vector, and apply at least one remedial action associated with the first plurality of domain name system traffic records when the distance is greater than a threshold distance.
-
Publication (Announcement) No.: US10447713B2
Publication (Announcement) Date: 2019-10-15
Application No.: US15497672
Application Date: 2017-04-26
Inventor: Rensheng Zhang, Richard Hellstern, Anestis Karasaridis, Patrick Velardo, Jr.
Abstract: Concepts and technologies disclosed herein are directed to internet traffic classification via time-frequency analysis. According to one aspect of the concepts and technologies disclosed herein, a security classification scheme can be implemented to identify potentially malicious activities from normal internet traffic. The security classification scheme can exploit the distinctive characteristics of different types of traffic in both frequency domain and time domain to identify four different cases. Due to the separation of different types of traffic, the security classification scheme can lower the false alarm rate and improve network security. The security classification scheme can utilize a recursive discrete Fourier transform (“DFT”) implementation to enhance computational efficiency. The security classification scheme can be deployed for real-time network traffic monitoring due to an efficient streaming design and can be effectively used to detect and predict when and where the suspicious activities occur within a monitored network.