The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Aug. 14, 2018
Filed:
Mar. 28, 2017
Symantec Corporation, Mountain View, CA (US);
Varun Mohta, Mountain View, CA (US);
Zhipeng Zhao, Sunnyvale, CA (US);
Michael Sylvester Pukish, Santa Clara, CA (US);
SYMANTEC CORPORATION, Mountain View, CA (US);
Abstract
Real-time anomaly detection in a network using state transitions. In one embodiment, a method may include identifying a sequence of messages sent between a first network node and a second network node over a network link. The method may further include identifying a sequence of message states for the sequence of messages. The method may also include identifying variable-length candidate patterns in the sequence of message states. The method may further include adding the candidate patterns to a baseline pattern store. The method may also include comparing a real-time sequence of messages to patterns in the baseline pattern store to detect anomalies in the real-time sequence of messages. The method may further include, in response to the detecting of the anomalies, alerting a security action on one or more of the first network node, the second network node, and the network link using the detected anomalies.