ATE516655T1 - Method for detecting anomalies in a communication system using symbolic packet features - Google Patents

Method for detecting anomalies in a communication system using symbolic packet features

Info

Publication number
ATE516655T1
Authority
AT
Austria
Prior art keywords
packet flow
symbolic
flow portion
detecting anomalies
concentration
Prior art date
Application number
AT07857165T
Other languages
English (en)
Inventor
Jovan Golic
Original Assignee
Telecom Italia Spa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telecom Italia Spa
Application granted
Publication of ATE516655T1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/022 Capturing of monitoring data by sampling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/141 Denial of service attacks against endpoints in a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
AT07857165T 2007-12-31 2007-12-31 Method for detecting anomalies in a communication system using symbolic packet features ATE516655T1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2007/011474 WO2009086843A1 (en) 2007-12-31 2007-12-31 Method of detecting anomalies in a communication system using symbolic packet features

Publications (1)

Publication Number Publication Date
ATE516655T1 (de) 2011-07-15

Family

ID=39721948

Family Applications (1)

Application Number Title Priority Date Filing Date
AT07857165T ATE516655T1 (de) 2007-12-31 2007-12-31 Method for detecting anomalies in a communication system using symbolic packet features

Country Status (4)

Country Link
US (1) US8611219B2 (de)
EP (1) EP2227889B1 (de)
AT (1) ATE516655T1 (de)
WO (1) WO2009086843A1 (de)

Families Citing this family (111)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8095983B2 (en) 2005-03-15 2012-01-10 Mu Dynamics, Inc. Platform for analyzing the security of communication protocols and channels
US8095982B1 (en) 2005-03-15 2012-01-10 Mu Dynamics, Inc. Analyzing the security of communication protocols and channels for a pass-through device
US7958230B2 (en) 2008-09-19 2011-06-07 Mu Dynamics, Inc. Test driven deployment and monitoring of heterogeneous network systems
US9172611B2 (en) * 2006-09-01 2015-10-27 Spirent Communications, Inc. System and method for discovering assets and functional relationships in a network
US8316447B2 (en) 2006-09-01 2012-11-20 Mu Dynamics, Inc. Reconfigurable message-delivery preconditions for delivering attacks to analyze the security of networked systems
US7774637B1 (en) 2007-09-05 2010-08-10 Mu Dynamics, Inc. Meta-instrumentation for security analysis
US9100417B2 (en) * 2007-09-12 2015-08-04 Avaya Inc. Multi-node and multi-call state machine profiling for detecting SPIT
US9736172B2 (en) 2007-09-12 2017-08-15 Avaya Inc. Signature-free intrusion detection
US9438641B2 (en) * 2007-09-12 2016-09-06 Avaya Inc. State machine profiling for voice over IP calls
US8266693B1 (en) 2008-03-25 2012-09-11 Mcafee, Inc. System, method, and computer program product for identifying unwanted data communicated via a session initiation protocol
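KR101161345B1 (ko) * 2009-09-09 2012-06-29 Korea Internet & Security Agency Statistical information generator for VoIP traffic analysis and detection of aggressive abnormal VoIP, and generation method thereof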
US20110138463A1 (en) * 2009-12-07 2011-06-09 Electronics And Telecommunications Research Institute Method and system for ddos traffic detection and traffic mitigation using flow statistics
KR20110067264A (ko) * 2009-12-14 2011-06-22 Sungkyunkwan University Industry-Academic Cooperation Foundation Apparatus and method for detecting network anomalies
US8654655B2 (en) * 2009-12-17 2014-02-18 Thomson Licensing Detecting and classifying anomalies in communication networks
US8547974B1 (en) 2010-05-05 2013-10-01 Mu Dynamics Generating communication protocol test cases based on network traffic
US8463860B1 (en) 2010-05-05 2013-06-11 Spirent Communications, Inc. Scenario based scale testing
US9106514B1 (en) 2010-12-30 2015-08-11 Spirent Communications, Inc. Hybrid network software provision
US8719926B2 (en) * 2011-02-11 2014-05-06 Verizon Patent And Licensing Inc. Denial of service detection and prevention using dialog level filtering
US8464219B1 (en) 2011-04-27 2013-06-11 Spirent Communications, Inc. Scalable control system for test execution and monitoring utilizing multiple processors
US9501640B2 (en) 2011-09-14 2016-11-22 Mcafee, Inc. System and method for statistical analysis of comparative entropy
US9843488B2 (en) 2011-11-07 2017-12-12 Netflow Logic Corporation Method and system for confident anomaly detection in computer network traffic
US20140075557A1 (en) * 2012-09-11 2014-03-13 Netflow Logic Corporation Streaming Method and System for Processing Network Metadata
US8972543B1 (en) 2012-04-11 2015-03-03 Spirent Communications, Inc. Managing clients utilizing reverse transactions
US9412067B2 (en) 2012-09-05 2016-08-09 Numenta, Inc. Anomaly detection in spatial and temporal memory system
US9197657B2 (en) 2012-09-27 2015-11-24 Hewlett-Packard Development Company, L.P. Internet protocol address distribution summary
US9857825B1 (en) * 2012-10-29 2018-01-02 Washington State University Rate based failure detection
US20140122550A1 (en) * 2012-11-01 2014-05-01 Zhiyi Zhang System for nonparametric entropy estimation
US9477464B2 (en) * 2012-11-20 2016-10-25 Genesys Telecommunications Laboratories, Inc. Distributed aggregation for contact center agent-groups on sliding interval
US10412121B2 (en) 2012-11-20 2019-09-10 Genesys Telecommunications Laboratories, Inc. Distributed aggregation for contact center agent-groups on growing interval
WO2014111863A1 (en) 2013-01-16 2014-07-24 Light Cyber Ltd. Automated forensics of computer systems using behavioral intelligence
US20150127595A1 (en) * 2013-11-01 2015-05-07 Numenta, Inc. Modeling and detection of anomaly based on prediction
US9674207B2 (en) * 2014-07-23 2017-06-06 Cisco Technology, Inc. Hierarchical attack detection in a network
US10728040B1 (en) * 2014-08-08 2020-07-28 Tai Seibert Connection-based network behavioral anomaly detection system and method
US10103890B2 (en) * 2014-08-08 2018-10-16 Haw-Minn Lu Membership query method
US9571519B2 (en) * 2014-09-29 2017-02-14 Juniper Networks, Inc. Targeted attack discovery
US9954754B2 (en) * 2014-10-31 2018-04-24 Electronics And Telecommunications Research Institute Random access method and terminal supporting the same
KR102324607B1 (ko) * 2014-10-31 2021-11-10 Electronics and Telecommunications Research Institute Random access method and terminal supporting the same
US9774604B2 (en) 2015-01-16 2017-09-26 Zingbox, Ltd. Private cloud control
US10476947B1 (en) 2015-03-02 2019-11-12 F5 Networks, Inc Methods for managing web applications and devices thereof
US10212178B2 (en) 2015-04-07 2019-02-19 Zingbox, Ltd. Packet analysis based IoT management
US11616806B1 (en) 2015-05-08 2023-03-28 F5, Inc. Methods for protecting web based resources from D/DoS attacks and devices thereof
US10148537B2 (en) * 2015-09-16 2018-12-04 Cisco Technology, Inc. Detecting oscillation anomalies in a mesh network using machine learning
US10541903B2 (en) 2015-10-02 2020-01-21 Futurewei Technologies, Inc. Methodology to improve the anomaly detection rate
US10192050B2 (en) * 2015-10-30 2019-01-29 General Electric Company Methods, systems, apparatus, and storage media for use in detecting anomalous behavior and/or in preventing data loss
WO2017095374A1 (en) * 2015-11-30 2017-06-08 Hewlett Packard Enterprise Development Lp Alignment and deduplication of time-series datasets
US10581902B1 (en) * 2015-11-30 2020-03-03 F5 Networks, Inc. Methods for mitigating distributed denial of service attacks and devices thereof
US9967275B1 (en) * 2015-12-17 2018-05-08 EMC IP Holding Company LLC Efficient detection of network anomalies
US10834110B1 (en) 2015-12-18 2020-11-10 F5 Networks, Inc. Methods for preventing DDoS attack based on adaptive self learning of session and transport layers and devices thereof
US10397250B1 (en) 2016-01-21 2019-08-27 F5 Networks, Inc. Methods for detecting remote access trojan malware and devices thereof
US11140167B1 (en) 2016-03-01 2021-10-05 Exabeam, Inc. System, method, and computer program for automatically classifying user accounts in a computer network using keys from an identity management system
CN107196891B (zh) * 2016-03-15 2020-02-14 Huawei Technologies Co., Ltd. Method, controller and system for detecting data flow forwarding anomalies
US10432650B2 (en) 2016-03-31 2019-10-01 Stuart Staniford System and method to protect a webserver against application exploits and attacks
US10425443B2 (en) 2016-06-14 2019-09-24 Microsoft Technology Licensing, Llc Detecting volumetric attacks
US10055336B1 (en) * 2016-06-23 2018-08-21 VCE IP Holding Company LLC Computer implemented system and method and computer program product for testing a software component by simulating an interface to a computing component using randomized network packet information
US10432652B1 (en) 2016-09-20 2019-10-01 F5 Networks, Inc. Methods for detecting and mitigating malicious network behavior and devices thereof
US10380348B2 (en) 2016-11-21 2019-08-13 ZingBox, Inc. IoT device risk assessment
US10440037B2 (en) * 2017-03-31 2019-10-08 Mcafee, Llc Identifying malware-suspect end points through entropy changes in consolidated logs
WO2018186242A1 (ja) 2017-04-04 2018-10-11 Nippon Telegraph and Telephone Corporation Monitoring device, monitoring method and monitoring program
US11038869B1 (en) 2017-05-12 2021-06-15 F5 Networks, Inc. Methods for managing a federated identity environment based on application availability and devices thereof
US11070568B2 (en) 2017-09-27 2021-07-20 Palo Alto Networks, Inc. IoT device management visualization
US11082296B2 (en) 2017-10-27 2021-08-03 Palo Alto Networks, Inc. IoT device grouping and labeling
US11423143B1 (en) 2017-12-21 2022-08-23 Exabeam, Inc. Anomaly detection based on processes executed within a network
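CN110110160B (zh) * 2017-12-29 2020-04-14 Alibaba Group Holding Limited Method and apparatus for determining data anomalies
KR101918441B1 (ko) * 2018-01-16 2018-11-13 Chonnam National University Industry-Academic Cooperation Foundation Method and system for detecting DRDoS requests based on an active threshold for suspicious traffic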
US11539740B1 (en) 2018-02-02 2022-12-27 F5, Inc. Methods for protecting CPU during DDoS attack and devices thereof
US11411850B2 (en) * 2018-03-14 2022-08-09 Nec Corporation Traffic analysis apparatus, method, and program
US10999304B2 (en) * 2018-04-11 2021-05-04 Palo Alto Networks (Israel Analytics) Ltd. Bind shell attack detection
US11431741B1 (en) * 2018-05-16 2022-08-30 Exabeam, Inc. Detecting unmanaged and unauthorized assets in an information technology network with a recurrent neural network that identifies anomalously-named assets
JP7098000B2 (ja) 2018-06-18 2022-07-08 Palo Alto Networks, Inc. Pattern matching-based detection in IoT security
US10817604B1 (en) 2018-06-19 2020-10-27 Architecture Technology Corporation Systems and methods for processing source codes to detect non-malicious faults
US10749890B1 (en) 2018-06-19 2020-08-18 Architecture Technology Corporation Systems and methods for improving the ranking and prioritization of attack-related events
CN110661763B (zh) * 2018-06-29 2021-11-19 Alibaba Group Holding Limited DDoS reflection attack defense method, apparatus and device thereof
US12028231B2 (en) * 2018-07-18 2024-07-02 Telecom Italia S.P.A. Performance measurement in a packet-switched communication network
US12294482B2 (en) 2018-09-04 2025-05-06 Palo Alto Networks, Inc. IoT application learning
US12289328B2 (en) 2018-10-15 2025-04-29 Palo Alto Networks, Inc. Multi-dimensional periodicity detection of IOT device behavior
US11102126B2 (en) * 2018-10-22 2021-08-24 Centurylink Intellectual Property Llc Method, apparatus, and system for adjusting routing of network traffic or utilization of network nodes
US11451571B2 (en) 2018-12-12 2022-09-20 Palo Alto Networks, Inc. IoT device risk assessment and scoring
US11689573B2 (en) 2018-12-31 2023-06-27 Palo Alto Networks, Inc. Multi-layered policy management
US11429713B1 (en) * 2019-01-24 2022-08-30 Architecture Technology Corporation Artificial intelligence modeling for cyber-attack simulation protocols
US11184378B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Scanner probe detection
US11184376B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Port scan detection using destination profiles
US11316872B2 (en) 2019-01-30 2022-04-26 Palo Alto Networks (Israel Analytics) Ltd. Malicious port scan detection using port profiles
US11184377B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Malicious port scan detection using source profiles
US11070569B2 (en) 2019-01-30 2021-07-20 Palo Alto Networks (Israel Analytics) Ltd. Detecting outlier pairs of scanned ports
US11128654B1 (en) 2019-02-04 2021-09-21 Architecture Technology Corporation Systems and methods for unified hierarchical cybersecurity
US11625366B1 (en) 2019-06-04 2023-04-11 Exabeam, Inc. System, method, and computer program for automatic parser creation
US11403405B1 (en) 2019-06-27 2022-08-02 Architecture Technology Corporation Portable vulnerability identification tool for embedded non-IP devices
US11444974B1 (en) 2019-10-23 2022-09-13 Architecture Technology Corporation Systems and methods for cyber-physical threat modeling
US11349981B1 (en) 2019-10-30 2022-05-31 F5, Inc. Methods for optimizing multimedia communication and devices thereof
CN110825924B (zh) * 2019-11-01 2022-12-06 Shenzhen Kaniu Technology Co., Ltd. Data detection method, apparatus and storage medium
US10911471B1 (en) * 2019-11-27 2021-02-02 The Florida International University Board Of Trustees Systems and methods for network-based intrusion detection
US11503075B1 (en) 2020-01-14 2022-11-15 Architecture Technology Corporation Systems and methods for continuous compliance of nodes
US11115799B1 (en) 2020-06-01 2021-09-07 Palo Alto Networks, Inc. IoT device discovery and identification
US12302451B2 (en) 2020-06-01 2025-05-13 Palo Alto Networks, Inc. IoT security policy on a firewall
US11956253B1 (en) 2020-06-15 2024-04-09 Exabeam, Inc. Ranking cybersecurity alerts from multiple sources using machine learning
US12395418B2 (en) 2020-07-23 2025-08-19 Microsoft Technology Licensing, Llc Network verification systems and methods
US12063226B1 (en) 2020-09-29 2024-08-13 Exabeam, Inc. Graph-based multi-staged attack detection in the context of an attack framework
US11509680B2 (en) 2020-09-30 2022-11-22 Palo Alto Networks (Israel Analytics) Ltd. Classification of cyber-alerts into security incidents
EP4009160B1 (de) 2020-12-07 2025-02-05 F5, Inc. Methods for deploying an application across multiple computing domains and devices thereof
US12401685B2 (en) 2021-10-14 2025-08-26 F5, Inc. Methods for mitigating DDoS attack using hardware device and devices thereof
US12039017B2 (en) 2021-10-20 2024-07-16 Palo Alto Networks (Israel Analytics) Ltd. User entity normalization and association
US11552975B1 (en) 2021-10-26 2023-01-10 Palo Alto Networks, Inc. IoT device identification with packet flow behavior machine learning model
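KR102783148B1 (ko) 2021-12-29 2025-03-19 Electronics and Telecommunications Research Institute Apparatus and method for attack detection based on measuring the abnormality of networking behavior in symbolic space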
US11799880B2 (en) 2022-01-10 2023-10-24 Palo Alto Networks (Israel Analytics) Ltd. Network adaptive alert prioritization system
US12301600B2 (en) 2022-01-18 2025-05-13 Palo Alto Networks, Inc. IoT device identification by machine learning with time series behavioral and statistical features
EP4483532B1 (de) * 2022-02-22 2025-04-09 Telefonaktiebolaget LM Ericsson (publ) Methods and apparatuses for determining security attacks in software-defined networks
FR3138220B1 (fr) * 2022-07-22 2025-01-10 Stmicroelectronics Grand Ouest Method for detecting network anomalies
US12519827B2 (en) 2022-12-30 2026-01-06 F5, Inc. Methods for detecting ICMP flood attacks
US12506763B1 (en) 2023-04-28 2025-12-23 Exabeam, Inc. System, method, and computer program for scoring and organizing evidence of cybersecurity threats from multiple data sources
US12399984B1 (en) 2023-06-13 2025-08-26 Exabeam, Inc. System, method, and computer program for predictive autoscaling for faster searches of event logs in a cybersecurity system
US20250220032A1 (en) * 2024-01-01 2025-07-03 A10 Networks, Inc. Network traffic behavioral histogram analysis and attack detection

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6601014B1 (en) 1999-11-30 2003-07-29 Cerebrus Solutions Ltd. Dynamic deviation
US20030200441A1 (en) 2002-04-19 2003-10-23 International Business Machines Corporation Detecting randomness in computer network traffic
US8191136B2 (en) 2002-11-04 2012-05-29 Riverbed Technology, Inc. Connection based denial of service detection
US7272853B2 (en) 2003-06-04 2007-09-18 Microsoft Corporation Origination/destination features and lists for spam prevention
KR20080066653A (ko) 2005-06-29 2008-07-16 Trustees of Boston University Method and apparatus for whole-network anomaly diagnosis and method for detecting and classifying network anomalies using traffic feature distributions
US8069182B2 (en) 2006-04-24 2011-11-29 Working Research, Inc. Relevancy-based domain classification
US8248946B2 (en) 2006-06-06 2012-08-21 Polytechnic Institute of New York University Providing a high-speed defense against distributed denial of service (DDoS) attacks

Also Published As

Publication number Publication date
EP2227889B1 (de) 2011-07-13
US8611219B2 (en) 2013-12-17
EP2227889A1 (de) 2010-09-15
US20100284282A1 (en) 2010-11-11
WO2009086843A1 (en) 2009-07-16

Similar Documents

Publication Publication Date Title
ATE516655T1 (de) Method for detecting anomalies in a communication system using symbolic packet features
ATE511296T1 (de) Method for detecting anomalies in a communication system using numerical packet features
MX2007011510A (es) Method and apparatus for providing travel time and congestion information to users.
EP2350933A4 (de) Analysis of application performance
EP2337266A3 (de) Detection and classification of anomalies in communication networks
WO2013062620A3 (en) Methods and systems for analyzing data of an online social network
WO2014028648A3 (en) System and method for forming predictions using event-based sentiment analysis
SG193009A1 (en) Method and system for portable cell detection and analysis using microfluidic technology
WO2009142855A3 (en) Method and apparatus of network artifact identification and extraction
WO2014117021A3 (en) Methods, compositions, kits, and systems for selective enrichment of target cells
CA2860771C (en) Method to determine location, size and in situ conditions in hydrocarbon reservoir with ecology, geochemistry, and biomarkers
WO2009117446A3 (en) System and method for analysis of electronic information dissemination events
WO2010093454A3 (en) System and method for analyzing traffic flow
WO2011130184A3 (en) SYSTEMS AND METHODS FOR MODEL-BASED qPCR
WO2007098405A3 (en) Systems and methods for determining a flow of data
WO2009126848A3 (en) Analyzing large data sets using a computer system
MY166071A (en) Lawful interception for 2g/3g equipment interworking with evolved packet system
WO2011160217A3 (en) Equation-based assessment grading method and participant response system employing same
ATE492858T1 (de) Method, system and apparatus for capturing user information
GB2529097A (en) Method of website optimisation for a website hosted on a server system, and a server system
EP2566949A4 (de) Device, system and method for transit testing of samples
EP2490800A4 (de) Methods and systems for collecting and preparing samples, for implementing, initiating and performing assays, and for controlling and managing a fluid flow
DK2118666T3 (da) Method for normalizing the concentration of analytes in a urine sample
TW200943990A (en) Method and apparatus for improving performance of erasure sequence detection
JP2010099068A5 (de)

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties