Abstract
The present invention provides a target centric monitoring of a network enabling a likelihood score for the existence of an attack to be calculated. The score is calculated by monitoring a plurality of network nodes for a range of symptoms. Detected symptoms are then profiled using a classical Bayesian-based framework such that a node score is calculated for every node. The node scores are compared against reference activity so as to identify deviations from reference activity. The reference activity may comprise peer analysis comparing the node scores against the nodes scores or per nodes and discord analysis comparing the node score of a particular node against historical behaviour. Based on the deviations, the method can enable the calculation of a likelihood of suspicious activity for each node.
Original language | English |
---|---|
Patent number | US10681059B2 |
IPC | H04L 29/06 |
Priority date | 25/05/16 |
Filing date | 25/05/16 |
Publication status | Published - 9 Jun 2020 |