The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent: Sep. 16, 2014

Filed: Nov. 22, 2010

Applicants:

Marko Määttä, Oulu, FI;

Tomi Räty, Oulu, FI;

Tapio Taipale, Oulu, FI;

Jouko Sankala, Oulu, FI;

Inventors:

Marko Määttä, Oulu, FI;

Tomi Räty, Oulu, FI;

Tapio Taipale, Oulu, FI;

Jouko Sankala, Oulu, FI;

Assignee:
Attorney:
Primary Examiner:
Int. Cl.
CPC ...
G06F 11/00 (2006.01); G06F 12/14 (2006.01); G08B 23/00 (2006.01); H04L 29/06 (2006.01); H04L 12/26 (2006.01); H04L 12/24 (2006.01);
U.S. Cl.
CPC ...
H04L 43/062 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 41/145 (2013.01);
Abstract

An intrusion detection arrangement for communication networks comprising a network activity observer configured to monitor network traffic by the related traffic elements, such as data packets, thereof and to establish traffic profiles relative to the monitored traffic elements, such as one profile per each monitored traffic element, a misuse detector configured to determine a first indication of a probability of the profiled traffic representing malicious activity through co-operation with a model repository comprising at least one model characterizing a known intrusion attack, an anomaly detector configured to determine, at least logically in parallel with the misuse detector, a second indication of a probability of the profiled traffic representing anomalous activity through cooperation with a model repository comprising at least one model characterizing legitimate network activity, and a classifier configured to operate on said first and second indications to generate a classification decision on the nature of the profiled traffic, wherein the applied classification space includes at least one class for legitimate traffic and at least one other class for other traffic such as malicious and/or anomalous traffic. A corresponding method is presented.
