CA2417817A1 - System and method of detecting events - Google Patents
- Publication number
- CA2417817A1
- Authority
- CA
- Canada
- Prior art keywords
- network traffic
- traffic events
- classifying
- accordance
- conditions
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/022—Capturing of monitoring data by sampling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
Abstract
Apparatus for classifying network traffic events in accordance with one or more conditions comprising categorising means for categorising a plurality of network traffic events, analysing means for analysing at least one aspect of the network traffic events and identifying groups in accordance with the analysis, group determining means for determining group allocation for the categorised network traffic events, generating means for generating one or more conditions in relation to the group and category of analysed network traffic events, and classifying means for classifying a newly detected network traffic event in accordance with the one or more conditions generated.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP00306876 | 2000-08-11 | ||
EP00306876.4 | 2000-08-11 | ||
PCT/GB2001/003450 WO2002015479A1 (en) | 2000-08-11 | 2001-08-02 | System and method of detecting events |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2417817A1 (en) | 2002-02-21 |
CA2417817C (en) | 2007-11-06 |
Family
ID=8173182
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002417817A, Expired - Fee Related, CA2417817C (en) | System and method of detecting events | 2000-08-11 | 2001-08-02 |
Country Status (6)
Country | Link |
---|---|
US (1) | US7143442B2 (en) |
EP (1) | EP1307999B1 (en) |
AU (1) | AU2001275737A1 (en) |
CA (1) | CA2417817C (en) |
DE (1) | DE60116877T2 (en) |
WO (1) | WO2002015479A1 (en) |
Families Citing this family (68)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6978301B2 (en) * | 2000-12-06 | 2005-12-20 | Intelliden | System and method for configuring a network device |
AU2002322109A1 (en) | 2001-06-13 | 2002-12-23 | Intruvert Networks, Inc. | Method and apparatus for distributed network security |
US7644436B2 (en) * | 2002-01-24 | 2010-01-05 | Arxceo Corporation | Intelligent firewall |
US7424744B1 (en) * | 2002-03-05 | 2008-09-09 | Mcafee, Inc. | Signature based network intrusion detection system and method |
US8205259B2 (en) * | 2002-03-29 | 2012-06-19 | Global Dataguard Inc. | Adaptive behavioral intrusion detection systems and methods |
US7367055B2 (en) * | 2002-06-11 | 2008-04-29 | Motorola, Inc. | Communication systems automated security detection based on protocol cause codes |
TWI244297B (en) * | 2002-06-12 | 2005-11-21 | Thomson Licensing Sa | Apparatus and method adapted to communicate via a network |
US7483972B2 (en) * | 2003-01-08 | 2009-01-27 | Cisco Technology, Inc. | Network security monitoring system |
US6985920B2 (en) * | 2003-06-23 | 2006-01-10 | Protego Networks Inc. | Method and system for determining intra-session event correlation across network address translation devices |
US7328451B2 (en) * | 2003-06-30 | 2008-02-05 | At&T Delaware Intellectual Property, Inc. | Network firewall policy configuration facilitation |
US7353218B2 (en) * | 2003-08-14 | 2008-04-01 | International Business Machines Corporation | Methods and apparatus for clustering evolving data streams through online and offline components |
US7644365B2 (en) | 2003-09-12 | 2010-01-05 | Cisco Technology, Inc. | Method and system for displaying network security incidents |
FR2864282A1 (en) * | 2003-12-17 | 2005-06-24 | France Telecom | Alarm management method for intrusion detection system, involves adding description of alarms to previous alarm, using values established by taxonomic structures, and storing added alarms in logical file system for analysis of alarms |
KR100628296B1 (en) * | 2003-12-18 | 2006-09-27 | 한국전자통신연구원 | Method for analyzing network attack situation |
US7895448B1 (en) * | 2004-02-18 | 2011-02-22 | Symantec Corporation | Risk profiling |
US7761920B2 (en) | 2004-09-03 | 2010-07-20 | Fortinet, Inc. | Data structure for policy-based remediation selection |
US7774848B2 (en) | 2004-07-23 | 2010-08-10 | Fortinet, Inc. | Mapping remediation to plurality of vulnerabilities |
US8171555B2 (en) | 2004-07-23 | 2012-05-01 | Fortinet, Inc. | Determining technology-appropriate remediation for vulnerability |
US20060018478A1 (en) * | 2004-07-23 | 2006-01-26 | Diefenderfer Kristopher G | Secure communication protocol |
US7665119B2 (en) * | 2004-09-03 | 2010-02-16 | Secure Elements, Inc. | Policy-based selection of remediation |
US7672948B2 (en) * | 2004-09-03 | 2010-03-02 | Fortinet, Inc. | Centralized data transformation |
US7703137B2 (en) * | 2004-09-03 | 2010-04-20 | Fortinet, Inc. | Centralized data transformation |
US20060080738A1 (en) * | 2004-10-08 | 2006-04-13 | Bezilla Daniel B | Automatic criticality assessment |
KR100628317B1 (en) * | 2004-12-03 | 2006-09-27 | 한국전자통신연구원 | Apparatus for detecting attacks toward network and method thereof |
CN102592177A (en) * | 2004-12-21 | 2012-07-18 | 西特尔私人有限公司 | A method and a system of generating an analytical tool for use in assessing a state of an entity |
CN100433636C (en) * | 2004-12-24 | 2008-11-12 | 中兴通讯股份有限公司 | Method for real-time embodying disparity of network managment foreground and background data |
US7808897B1 (en) | 2005-03-01 | 2010-10-05 | International Business Machines Corporation | Fast network security utilizing intrusion prevention systems |
JP4329711B2 (en) * | 2005-03-09 | 2009-09-09 | 株式会社日立製作所 | Traffic information system |
US9438683B2 (en) | 2005-04-04 | 2016-09-06 | Aol Inc. | Router-host logging |
US7454790B2 (en) * | 2005-05-23 | 2008-11-18 | Ut-Battelle, Llc | Method for detecting sophisticated cyber attacks |
US8051484B2 (en) | 2005-06-14 | 2011-11-01 | Imperva, Inc. | Method and security system for indentifying and blocking web attacks by enforcing read-only parameters |
FR2888440A1 (en) * | 2005-07-08 | 2007-01-12 | France Telecom | METHOD AND SYSTEM FOR DETECTING INTRUSIONS |
US7882262B2 (en) | 2005-08-18 | 2011-02-01 | Cisco Technology, Inc. | Method and system for inline top N query computation |
US8392963B2 (en) * | 2005-11-28 | 2013-03-05 | Imperva, Inc. | Techniques for tracking actual users in web application security systems |
WO2007071004A1 (en) * | 2005-12-20 | 2007-06-28 | Bce Inc. | Apparatus and method for supporting multiple traffic categories at a single networked device |
US20070195776A1 (en) * | 2006-02-23 | 2007-08-23 | Zheng Danyang R | System and method for channeling network traffic |
US8024804B2 (en) * | 2006-03-08 | 2011-09-20 | Imperva, Inc. | Correlation engine for detecting network attacks and detection method |
US8233388B2 (en) | 2006-05-30 | 2012-07-31 | Cisco Technology, Inc. | System and method for controlling and tracking network content flow |
US20080134300A1 (en) | 2006-07-08 | 2008-06-05 | David Izatt | Method for Improving Security of Computer Networks |
JP4950590B2 (en) * | 2006-08-07 | 2012-06-13 | クラリオン株式会社 | Traffic information providing apparatus, traffic information providing system, traffic information transmission method, and traffic information request method |
US8051474B1 (en) * | 2006-09-26 | 2011-11-01 | Avaya Inc. | Method and apparatus for identifying trusted sources based on access point |
JP4729469B2 (en) * | 2006-11-10 | 2011-07-20 | 日立オートモティブシステムズ株式会社 | Traffic information system |
US7882217B2 (en) | 2007-05-17 | 2011-02-01 | Verint Systems Inc. | Network identity clustering |
KR100924694B1 (en) * | 2007-06-21 | 2009-11-03 | 삼성전자주식회사 | Method for predicting and managing defects in a hard disk drive using hierarchical clustering and curve fit |
JP4547408B2 (en) * | 2007-09-11 | 2010-09-22 | 日立オートモティブシステムズ株式会社 | Traffic condition prediction device and traffic condition prediction method |
US8694622B2 (en) * | 2007-10-04 | 2014-04-08 | Microsoft Corporation | Monitoring and controlling network communications |
US8413250B1 (en) * | 2008-06-05 | 2013-04-02 | A9.Com, Inc. | Systems and methods of classifying sessions |
US8068431B2 (en) * | 2009-07-17 | 2011-11-29 | Satyam Computer Services Limited | System and method for deep packet inspection |
US9705899B2 (en) * | 2010-01-26 | 2017-07-11 | Bae Systems Information And Electronic Systems Integration Inc. | Digital filter correlation engine |
US8776226B2 (en) * | 2010-01-26 | 2014-07-08 | Bae Systems Information And Electronic Systems Integration Inc. | Method and apparatus for detecting SSH login attacks |
US8463772B1 (en) | 2010-05-13 | 2013-06-11 | Google Inc. | Varied-importance proximity values |
US9384112B2 (en) | 2010-07-01 | 2016-07-05 | Logrhythm, Inc. | Log collection, structuring and processing |
US9780995B2 (en) * | 2010-11-24 | 2017-10-03 | Logrhythm, Inc. | Advanced intelligence engine |
CA2914169C (en) | 2010-11-24 | 2018-01-23 | Logrhythm, Inc. | Scalable analytical processing of structured data |
US20130117272A1 (en) * | 2011-11-03 | 2013-05-09 | Microsoft Corporation | Systems and methods for handling attributes and intervals of big data |
US20130212680A1 (en) * | 2012-01-12 | 2013-08-15 | Arxceo Corporation | Methods and systems for protecting network devices from intrusion |
US9265458B2 (en) | 2012-12-04 | 2016-02-23 | Sync-Think, Inc. | Application of smooth pursuit cognitive testing paradigms to clinical drug development |
CN103870751B (en) * | 2012-12-18 | 2017-02-01 | 中国移动通信集团山东有限公司 | Method and system for intrusion detection |
US8966068B2 (en) | 2013-01-15 | 2015-02-24 | International Business Machines Corporation | Selective logging of network requests based on subsets of the program that were executed |
US9380976B2 (en) | 2013-03-11 | 2016-07-05 | Sync-Think, Inc. | Optical neuroinformatics |
JP6252254B2 (en) * | 2014-02-28 | 2017-12-27 | 富士通株式会社 | Monitoring program, monitoring method and monitoring apparatus |
US9160680B1 (en) * | 2014-11-18 | 2015-10-13 | Kaspersky Lab Zao | System and method for dynamic network resource categorization re-assignment |
CN104580173B (en) * | 2014-12-25 | 2017-10-10 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | A kind of SDN abnormality detections are with stopping method and system |
US10116536B2 (en) * | 2015-11-18 | 2018-10-30 | Adobe Systems Incorporated | Identifying multiple devices belonging to a single user |
KR20200140560A (en) * | 2019-06-07 | 2020-12-16 | 삼성전자주식회사 | Electronic device and system for the same |
CN110738856B (en) * | 2019-11-12 | 2020-09-22 | 中南大学 | Mobile clustering-based urban traffic jam fine identification method |
US11411802B2 (en) | 2019-12-09 | 2022-08-09 | Arista Networks, Inc. | Determining the impact of network events on network applications |
US20210409376A1 (en) * | 2020-06-30 | 2021-12-30 | Vmware, Inc. | Firewall rule statistic mini-maps |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6304262B1 (en) * | 1998-07-21 | 2001-10-16 | Raytheon Company | Information security analysis system |
US6564243B1 (en) | 1998-09-14 | 2003-05-13 | Adwise Ltd. | Method and system for injecting external content into computer network interactive sessions |
2001
- 2001-08-02: US, application US10/332,802, patent US7143442B2 (en), not active, Expired - Lifetime
- 2001-08-02: WO, application PCT/GB2001/003450, patent WO2002015479A1 (en), active, IP Right Grant
- 2001-08-02: AU, application AU2001275737A, patent AU2001275737A1 (en), not active, Abandoned
- 2001-08-02: CA, application CA002417817A, patent CA2417817C (en), not active, Expired - Fee Related
- 2001-08-02: EP, application EP01953248A, patent EP1307999B1 (en), not active, Expired - Lifetime
- 2001-08-02: DE, application DE60116877T, patent DE60116877T2 (en), not active, Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
AU2001275737A1 (en) | 2002-02-25 |
CA2417817C (en) | 2007-11-06 |
EP1307999B1 (en) | 2006-01-25 |
DE60116877T2 (en) | 2006-09-14 |
US20040103021A1 (en) | 2004-05-27 |
WO2002015479A1 (en) | 2002-02-21 |
DE60116877D1 (en) | 2006-04-13 |
EP1307999A1 (en) | 2003-05-07 |
US7143442B2 (en) | 2006-11-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | EEER | Examination request | |
 | MKLA | Lapsed | Effective date: 20130802 |