CA2417817A1 - System and method of detecting events - Google Patents

System and method of detecting events

Publication number
CA2417817A1
CA2417817A1 CA002417817A CA2417817A CA2417817A1 CA 2417817 A1 CA2417817 A1 CA 2417817A1 CA 002417817 A CA002417817 A CA 002417817A CA 2417817 A CA2417817 A CA 2417817A CA 2417817 A1 CA2417817 A1 CA 2417817A1
Authority
CA
Canada
Prior art keywords
network traffic
traffic events
classifying
accordance
conditions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002417817A
Other languages
French (fr)
Other versions
CA2417817C (en)
Inventor
Richard Thomas Scarfe
Edmund Andrew Kirkham
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
British Telecommunications PLC
Original Assignee
British Telecommunications Public Limited Company
Richard Thomas Scarfe
Edmund Andrew Kirkham
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by British Telecommunications Public Limited Company, Richard Thomas Scarfe, Edmund Andrew Kirkham
Publication of CA2417817A1
Application granted
Publication of CA2417817C
Anticipated expiration
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L43/02 Capturing of monitoring data
    • H04L43/022 Capturing of monitoring data by sampling
    • H04L43/12 Network monitoring probes
    • H04L43/16 Threshold monitoring

Abstract

Apparatus for classifying network traffic events in accordance with one or more conditions, comprising categorising means for categorising a plurality of network traffic events, analysing means for analysing at least one aspect of the network traffic events and identifying groups in accordance with the analysis, group determining means for determining group allocation for the categorised network traffic events, generating means for generating one or more conditions in relation to the group and category of analysed network traffic events, and classifying means for classifying a newly detected network traffic event in accordance with the one or more conditions generated.
CA002417817A 2000-08-11 2001-08-02 System and method of detecting events Expired - Fee Related CA2417817C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP00306876 2000-08-11
EP00306876.4 2000-08-11
PCT/GB2001/003450 WO2002015479A1 (en) 2000-08-11 2001-08-02 System and method of detecting events

Publications (2)

Publication Number Publication Date
CA2417817A1 (en) 2002-02-21
CA2417817C (en) 2007-11-06

Family

ID=8173182

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002417817A Expired - Fee Related CA2417817C (en) 2000-08-11 2001-08-02 System and method of detecting events

Country Status (6)

Country Link
US (1) US7143442B2 (en)
EP (1) EP1307999B1 (en)
AU (1) AU2001275737A1 (en)
CA (1) CA2417817C (en)
DE (1) DE60116877T2 (en)
WO (1) WO2002015479A1 (en)

Families Citing this family (68)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6978301B2 (en) * 2000-12-06 2005-12-20 Intelliden System and method for configuring a network device
AU2002322109A1 (en) 2001-06-13 2002-12-23 Intruvert Networks, Inc. Method and apparatus for distributed network security
US7644436B2 (en) * 2002-01-24 2010-01-05 Arxceo Corporation Intelligent firewall
US7424744B1 (en) * 2002-03-05 2008-09-09 Mcafee, Inc. Signature based network intrusion detection system and method
US8205259B2 (en) * 2002-03-29 2012-06-19 Global Dataguard Inc. Adaptive behavioral intrusion detection systems and methods
US7367055B2 (en) * 2002-06-11 2008-04-29 Motorola, Inc. Communication systems automated security detection based on protocol cause codes
TWI244297B (en) * 2002-06-12 2005-11-21 Thomson Licensing Sa Apparatus and method adapted to communicate via a network
US7483972B2 (en) * 2003-01-08 2009-01-27 Cisco Technology, Inc. Network security monitoring system
US6985920B2 (en) * 2003-06-23 2006-01-10 Protego Networks Inc. Method and system for determining intra-session event correlation across network address translation devices
US7328451B2 (en) * 2003-06-30 2008-02-05 At&T Delaware Intellectual Property, Inc. Network firewall policy configuration facilitation
US7353218B2 (en) * 2003-08-14 2008-04-01 International Business Machines Corporation Methods and apparatus for clustering evolving data streams through online and offline components
US7644365B2 (en) 2003-09-12 2010-01-05 Cisco Technology, Inc. Method and system for displaying network security incidents
FR2864282A1 (en) * 2003-12-17 2005-06-24 France Telecom Alarm management method for intrusion detection system, involves adding description of alarms to previous alarm, using values established by taxonomic structures, and storing added alarms in logical file system for analysis of alarms
KR100628296B1 (en) * 2003-12-18 2006-09-27 한국전자통신연구원 Method for analyzing network attack situation
US7895448B1 (en) * 2004-02-18 2011-02-22 Symantec Corporation Risk profiling
US7761920B2 (en) 2004-09-03 2010-07-20 Fortinet, Inc. Data structure for policy-based remediation selection
US7774848B2 (en) 2004-07-23 2010-08-10 Fortinet, Inc. Mapping remediation to plurality of vulnerabilities
US8171555B2 (en) 2004-07-23 2012-05-01 Fortinet, Inc. Determining technology-appropriate remediation for vulnerability
US20060018478A1 (en) * 2004-07-23 2006-01-26 Diefenderfer Kristopher G Secure communication protocol
US7665119B2 (en) * 2004-09-03 2010-02-16 Secure Elements, Inc. Policy-based selection of remediation
US7672948B2 (en) * 2004-09-03 2010-03-02 Fortinet, Inc. Centralized data transformation
US7703137B2 (en) * 2004-09-03 2010-04-20 Fortinet, Inc. Centralized data transformation
US20060080738A1 (en) * 2004-10-08 2006-04-13 Bezilla Daniel B Automatic criticality assessment
KR100628317B1 (en) * 2004-12-03 2006-09-27 한국전자통신연구원 Apparatus for detecting attacks toward network and method thereof
CN102592177A (en) * 2004-12-21 2012-07-18 西特尔私人有限公司 A method and a system of generating an analytical tool for use in assessing a state of an entity
CN100433636C (en) * 2004-12-24 2008-11-12 中兴通讯股份有限公司 Method for real-time embodying disparity of network managment foreground and background data
US7808897B1 (en) 2005-03-01 2010-10-05 International Business Machines Corporation Fast network security utilizing intrusion prevention systems
JP4329711B2 (en) * 2005-03-09 2009-09-09 株式会社日立製作所 Traffic information system
US9438683B2 (en) 2005-04-04 2016-09-06 Aol Inc. Router-host logging
US7454790B2 (en) * 2005-05-23 2008-11-18 Ut-Battelle, Llc Method for detecting sophisticated cyber attacks
US8051484B2 (en) 2005-06-14 2011-11-01 Imperva, Inc. Method and security system for indentifying and blocking web attacks by enforcing read-only parameters
FR2888440A1 (en) * 2005-07-08 2007-01-12 France Telecom METHOD AND SYSTEM FOR DETECTING INTRUSIONS
US7882262B2 (en) 2005-08-18 2011-02-01 Cisco Technology, Inc. Method and system for inline top N query computation
US8392963B2 (en) * 2005-11-28 2013-03-05 Imperva, Inc. Techniques for tracking actual users in web application security systems
WO2007071004A1 (en) * 2005-12-20 2007-06-28 Bce Inc. Apparatus and method for supporting multiple traffic categories at a single networked device
US20070195776A1 (en) * 2006-02-23 2007-08-23 Zheng Danyang R System and method for channeling network traffic
US8024804B2 (en) * 2006-03-08 2011-09-20 Imperva, Inc. Correlation engine for detecting network attacks and detection method
US8233388B2 (en) 2006-05-30 2012-07-31 Cisco Technology, Inc. System and method for controlling and tracking network content flow
US20080134300A1 (en) 2006-07-08 2008-06-05 David Izatt Method for Improving Security of Computer Networks
JP4950590B2 (en) * 2006-08-07 2012-06-13 クラリオン株式会社 Traffic information providing apparatus, traffic information providing system, traffic information transmission method, and traffic information request method
US8051474B1 (en) * 2006-09-26 2011-11-01 Avaya Inc. Method and apparatus for identifying trusted sources based on access point
JP4729469B2 (en) * 2006-11-10 2011-07-20 日立オートモティブシステムズ株式会社 Traffic information system
US7882217B2 (en) 2007-05-17 2011-02-01 Verint Systems Inc. Network identity clustering
KR100924694B1 (en) * 2007-06-21 2009-11-03 삼성전자주식회사 Method for predicting and managing defects in a hard disk drive using hierarchical clustering and curve fit
JP4547408B2 (en) * 2007-09-11 2010-09-22 日立オートモティブシステムズ株式会社 Traffic condition prediction device and traffic condition prediction method
US8694622B2 (en) * 2007-10-04 2014-04-08 Microsoft Corporation Monitoring and controlling network communications
US8413250B1 (en) * 2008-06-05 2013-04-02 A9.Com, Inc. Systems and methods of classifying sessions
US8068431B2 (en) * 2009-07-17 2011-11-29 Satyam Computer Services Limited System and method for deep packet inspection
US9705899B2 (en) * 2010-01-26 2017-07-11 Bae Systems Information And Electronic Systems Integration Inc. Digital filter correlation engine
US8776226B2 (en) * 2010-01-26 2014-07-08 Bae Systems Information And Electronic Systems Integration Inc. Method and apparatus for detecting SSH login attacks
US8463772B1 (en) 2010-05-13 2013-06-11 Google Inc. Varied-importance proximity values
US9384112B2 (en) 2010-07-01 2016-07-05 Logrhythm, Inc. Log collection, structuring and processing
US9780995B2 (en) * 2010-11-24 2017-10-03 Logrhythm, Inc. Advanced intelligence engine
CA2914169C (en) 2010-11-24 2018-01-23 Logrhythm, Inc. Scalable analytical processing of structured data
US20130117272A1 (en) * 2011-11-03 2013-05-09 Microsoft Corporation Systems and methods for handling attributes and intervals of big data
US20130212680A1 (en) * 2012-01-12 2013-08-15 Arxceo Corporation Methods and systems for protecting network devices from intrusion
US9265458B2 (en) 2012-12-04 2016-02-23 Sync-Think, Inc. Application of smooth pursuit cognitive testing paradigms to clinical drug development
CN103870751B (en) * 2012-12-18 2017-02-01 中国移动通信集团山东有限公司 Method and system for intrusion detection
US8966068B2 (en) 2013-01-15 2015-02-24 International Business Machines Corporation Selective logging of network requests based on subsets of the program that were executed
US9380976B2 (en) 2013-03-11 2016-07-05 Sync-Think, Inc. Optical neuroinformatics
JP6252254B2 (en) * 2014-02-28 2017-12-27 富士通株式会社 Monitoring program, monitoring method and monitoring apparatus
US9160680B1 (en) * 2014-11-18 2015-10-13 Kaspersky Lab Zao System and method for dynamic network resource categorization re-assignment
CN104580173B (en) * 2014-12-25 2017-10-10 广东顺德中山大学卡内基梅隆大学国际联合研究院 A kind of SDN abnormality detections are with stopping method and system
US10116536B2 (en) * 2015-11-18 2018-10-30 Adobe Systems Incorporated Identifying multiple devices belonging to a single user
KR20200140560A (en) * 2019-06-07 2020-12-16 삼성전자주식회사 Electronic device and system for the same
CN110738856B (en) * 2019-11-12 2020-09-22 中南大学 Mobile clustering-based urban traffic jam fine identification method
US11411802B2 (en) 2019-12-09 2022-08-09 Arista Networks, Inc. Determining the impact of network events on network applications
US20210409376A1 (en) * 2020-06-30 2021-12-30 Vmware, Inc. Firewall rule statistic mini-maps

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6304262B1 (en) * 1998-07-21 2001-10-16 Raytheon Company Information security analysis system
US6564243B1 (en) 1998-09-14 2003-05-13 Adwise Ltd. Method and system for injecting external content into computer network interactive sessions

Also Published As

Publication number Publication date
AU2001275737A1 (en) 2002-02-25
CA2417817C (en) 2007-11-06
EP1307999B1 (en) 2006-01-25
DE60116877T2 (en) 2006-09-14
US20040103021A1 (en) 2004-05-27
WO2002015479A1 (en) 2002-02-21
DE60116877D1 (en) 2006-04-13
EP1307999A1 (en) 2003-05-07
US7143442B2 (en) 2006-11-28

Similar Documents

Publication Publication Date Title
CA2417817A1 (en) System and method of detecting events
WO2005027016A3 (en) Fraudulent message detection
DE69514506D1 (en) METHOD FOR MONITORING TRAFFIC FOR THE AUTOMATIC VEHICLE BEFORE DETECTING THE CASE
EP1892862A3 (en) Source detection apparatus and method for audience measurement
CA2451276A1 (en) Method and apparatus of detecting network activity
DE60119567D1 (en) METHOD AND DEVICE FOR DETECTING AND CLASSIFYING INTERFERENCE IN AN RF-MODULATED NETWORK
DE69825601D1 (en) METHOD FOR ANALYZING POLYMERS
DE69705471D1 (en) DEVICE FOR DETECTING EVENTS IN PROCESS SYSTEMS
DK1042664T3 (en) Method for detecting reactions by coincidence analysis
CA2175326A1 (en) Method for Determining Parameter of Hydrocarbon
NO994490D0 (en) Seismic detection apparatus, and associated method
WO2002051140A3 (en) Apparatus and method of program classification using observed cues in the transcript information
DE69637968D1 (en) DEVICE FOR DETECTING ELECTRICAL DISCHARGES IN A TEST OBJECT
ATE378606T1 (en) TEST CONNECTION FOR PARTIAL DISCHARGE DETECTION, PARTIAL DISCHARGE DETECTOR AND METHOD FOR DETECTING PARTIAL DISCHARGES ON A POWER CABLE
DE69509509D1 (en) DEVICE FOR FREQUENCY IRREGULARITY DETECTION OF LEVELS THAT PASS A SPECIAL LOCATION OF A PERSONAL PERSONNEL SYSTEM
EP1345110A3 (en) Adapting a man-machine interface depending on a psychological profile and of the momentary sensitivity of a user
DE60134014D1 (en) DEVICE AND METHOD FOR ANALYZING A SYSTEM WITH FAULT START
FR2717282B1 (en) System analysis method.
DE69601576D1 (en) Device for analyzing an energy spectrum
ATE214862T1 (en) DEVICE AND METHOD FOR THE QUALITY ASSESSMENT OF MULTI-CHANNEL AUDIO SIGNALS
DE60008159D1 (en) Separation and analysis methods for lipoproteins, device for carrying out the same, and a system containing the device
ATE344497T1 (en) DEVICE AND METHOD FOR CHARACTERIZING AND SEQUENCING POLYMERS
CA2420720A1 (en) System and method for monitoring grouped resources
DE59804899D1 (en) DEVICE FOR OPTIMIZING FABRICS BASED ON MEASURED YARN DATA AND OPTIMIZATION METHOD
DE59914728D1 (en) Device for detecting or analyzing machine damage

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20130802