Abstract: A system for identifying a network intrusion includes four modules. The first module monitors network transmissions and creates a model of regular network activity. The second module receives the model of regular network activity and sets a threshold for irregular usage based on the model. The third module receives the threshold, compares a value of a candidate inter-nodal transmission of the network to the threshold, and identifies a potential intrusion when the value exceeds the threshold. The fourth module analyzes a transmission behavior of one or more nodes of the candidate inter-nodal transmission and identifies the network intrusion.
Type:
Application
Filed:
October 2, 2014
Publication date:
September 1, 2016
Applicant:
Cyberflow Analytics, Inc.
Inventors:
Hossein ESLAMBOLCHI, Louie GASPARINI, Chandra MADHEKAR, William WRIGHT