Creating aggregate network flow time series in network anomaly detection systems

In an embodiment, a computer implemented method receives flow data for one or more flows that correspond to a device-circuit pair. The method calculates a time difference for each flow that corresponds to a device-circuit pair. Based on the calculated time differences and the received flow data, the...

Full description

Saved in:
Bibliographic Details
Main Author Yermakov, Sergey
Format Patent
LanguageEnglish
Published 14.03.2023
Subjects
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online AccessGet full text

Cover

More Information
Summary:In an embodiment, a computer implemented method receives flow data for one or more flows that correspond to a device-circuit pair. The method calculates a time difference for each flow that corresponds to a device-circuit pair. Based on the calculated time differences and the received flow data, the method updates a probability distribution model associated with the device-circuit pair. Then, the method determines whether a time bucket is complete or open based on the updated probability distribution model.
Bibliography:Application Number: US202217684488