Invention Grant
US09258217B2 Systems and methods for rule-based anomaly detection on IP network flow
In force
Rule-based IP network anomaly detection system and method
- Patent Title: Systems and methods for rule-based anomaly detection on IP network flow
- Patent Title (Chinese): Rule-based IP network anomaly detection system and method
- Application No.: US12568044
- Application Date: 2009-09-28
- Publication No.: US09258217B2
- Publication Date: 2016-02-09
- Inventor: Nicholas Duffield, Patrick Haffner, Balachander Krishnamurthy, Haakon Andreas Ringberg
- Applicant: Nicholas Duffield, Patrick Haffner, Balachander Krishnamurthy, Haakon Andreas Ringberg
- Applicant Address: US GA Atlanta
- Assignee: AT&T Intellectual Property I, L.P.
- Current Assignee: AT&T Intellectual Property I, L.P.
- Current Assignee Address: US GA Atlanta
- Agency: Hartman & Citrin LLC
- Main IPC: H04L12/721
- IPC: H04L12/721 ; H04L12/26 ; G06F21/55 ; H04L12/703 ; H04L12/801 ; H04L12/851 ; H04L29/06 ; H04L12/24

Abstract:
A system to detect anomalies in internet protocol (IP) flows uses a set of machine-learning (ML) rules that can be applied in real time at the IP flow level. A communication network has a large number of routers that can be equipped with flow monitoring capability. A flow collector collects flow data from the routers throughout the communication network and provides them to a flow classifier. At the same time, a limited number of locations in the network monitor data packets and generate alerts based on packet data properties. The packet alerts and the flow data are provided to a machine learning system that detects correlations between the packet-based alerts and the flow data to thereby generate a series of flow-level alerts. These rules are provided to the flow time classifier. Over time, the new packet alerts and flow data are used to provide updated rules generated by the machine learning system.
Public/Granted literature
- US20100153316A1 SYSTEMS AND METHODS FOR RULE-BASED ANOMALY DETECTION ON IP NETWORK FLOW Public/Granted day: 2010-06-17