System and Method for Extracting and Preserving Metadata for Analyzing Network Communications
    1.
    Invention application
    System and Method for Extracting and Preserving Metadata for Analyzing Network Communications (in force)

    Publication (announcement) number: US20150264072A1

    Publication (announcement) date: 2015-09-17

    Application number: US14214088

    Filing date: 2014-03-14

    Abstract: Systems and methods are provided for advanced persistent threat detection on a network. The method includes capturing data packets from a network and performing layered session decoding on the captured packets. Metadata is extracted from the decoded packets and is stored for analysis. Analysis of the metadata is used to detect advanced persistent threats on the network. The system includes a network and a processor coupled to the network. The processor is configured to capture data packets from the network and perform layered session decoding on the captured packets. Metadata is extracted by the processor and stored in a memory coupled to the processor. The metadata may then be analyzed to detect advanced persistent threats on the network.

