The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The full patent document is in Adobe Acrobat format (PDF).
Patent No.:
Date of Patent: Mar. 12, 2019
Filed: Jun. 24, 2016
Applicant: EMC IP Holding Company LLC, Hopkinton, MA (US)
Inventor: Sanjiv Pandey, Hayward, CA (US)
Assignee: EMC IP Holding Company LLC, Hopkinton, MA (US)
Abstract
Methods and apparatus are provided for detecting periodic behavior in a communication session using clustering. An exemplary method comprises obtaining a set of differences between timestamps of adjacent events for a given network session; assigning each difference in the set to a cluster using a clustering technique based on a distance between the difference and a mean time difference for each cluster; and providing clusters generated by the clustering technique, wherein each of the differences in each of the clusters corresponds to events exhibiting periodic behavior with a period substantially equal to the mean time difference of the assigned cluster. The differences are optionally obtained and processed in real-time. The periodicity of a given cluster is measured, for example, based on a variance of the differences assigned to the given cluster. The clusters are optionally processed to identify suspicious communications associated with a computer security attack.
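
The approach in the abstract can be illustrated with a single-pass nearest-mean clustering of inter-event time differences. This is an added example, not the patent's claimed implementation: the relative `tolerance`, the `min_events` and `max_cv` thresholds, the use of a coefficient of variation derived from the variance, and the sample session are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Cluster:
    mean: float      # running mean time difference (candidate period, seconds)
    n: int = 1       # number of differences assigned
    m2: float = 0.0  # running sum of squared deviations (Welford's method)

    def add(self, d):
        self.n += 1
        delta = d - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (d - self.mean)

    @property
    def variance(self):
        return self.m2 / self.n if self.n > 1 else 0.0

def cluster_deltas(timestamps, tolerance=0.1):
    """Assign each adjacent-event difference to the cluster with the nearest
    mean, or open a new cluster when none is within tolerance * mean."""
    clusters = []
    for prev, cur in zip(timestamps, timestamps[1:]):
        d = cur - prev
        best = min(clusters, key=lambda c: abs(d - c.mean), default=None)
        if best is not None and abs(d - best.mean) <= tolerance * best.mean:
            best.add(d)  # incremental update, so this also works on a live stream
        else:
            clusters.append(Cluster(mean=d))
    return clusters

def periodic_clusters(clusters, min_events=5, max_cv=0.05):
    """Keep clusters with enough members and low variance relative to the mean."""
    return [c for c in clusters
            if c.n >= min_events and c.mean > 0
            and (c.variance ** 0.5) / c.mean <= max_cv]

# Constructed sample: one session with a ~60 s beacon-like rhythm plus three
# irregular gaps (7 s, 340 s, 15 s). Not data from the patent.
CONSTRUCTED_DELTAS = [60, 61, 7, 59, 60, 340, 62, 60, 15, 58, 61, 60]
TIMESTAMPS = [1000.0]
for gap in CONSTRUCTED_DELTAS:
    TIMESTAMPS.append(TIMESTAMPS[-1] + gap)

if __name__ == "__main__":
    for c in periodic_clusters(cluster_deltas(TIMESTAMPS)):
        print(f"period ~{c.mean:.1f}s, events={c.n}, variance={c.variance:.2f}")
```

On the constructed session the nine differences near 60 seconds form one low-variance cluster, while each irregular gap ends up in its own singleton cluster and is filtered out.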