-
Publication number: US20160080404A1
Publication date: 2016-03-17
Application number: US14485731
Application date: 2014-09-14
Applicant: Cisco Technology, Inc.
Inventor: Jan KOHOUT, Jan JUSKO, Tomas PEVNY, Martin REHAK
IPC: H04L29/06
CPC classification number: H04L63/1425, H04L63/1408, H04L63/1441, H04L63/145, H04L63/1466, H04L63/1491, H04L63/164, H04L63/20
Abstract: In one embodiment a method, system and apparatus is described for detecting a malicious network connection, the method system and apparatus including determining, for each connection over a network, if each connection is a persistent connection, if, as a result of the determining, a first connection is determined to be a persistent connection, collecting connection statistics for the first connection, creating a feature vector for the first connection based on the collected statistics, performing outlier detection for all of the feature vector for all connections over a network which have been determined to be persistent connections, and reporting detected outliers. Related methods, systems and apparatus are also described.
-
Publication number: US20160226902A1
Publication date: 2016-08-04
Application number: US15095076
Application date: 2016-04-10
Applicant: Cisco Technology, Inc.
Inventor: Jan KOHOUT, Jan JUSKO, Tomas PEVNY, Martin REHAK
IPC: H04L29/06
CPC classification number: H04L63/1425, H04L63/1408, H04L63/1441, H04L63/145, H04L63/1466, H04L63/1491, H04L63/164, H04L63/20
Abstract: In one embodiment a method, system and apparatus is described for detecting a malicious network connection, the method system and apparatus including determining, for each connection over a network, if each connection is a persistent connection, if, as a result of the determining, a first connection is determined to be a persistent connection, collecting connection statistics for the first connection, creating a feature vector for the first connection based on the collected statistics, performing outlier detection for all of the feature vector for all connections over a network which have been determined to be persistent connections, and reporting detected outliers. Related methods, systems and apparatus are also described.
-