456 results about "Network activity" patented technology

A computer worm containment system comprises a detection system and a blocking system. The detection system orchestrates a sequence of network activities in a decoy computer network and monitors that network to identify anomalous behavior and determine whether the anomalous behavior is caused by a computer worm. The detection system can then determine an identifier of the computer worm based on the anomalous behavior. The detection system can also generate a recovery script for disabling the computer worm or repairing damage caused by the computer worm. The blocking system is configured to use the computer worm identifier to protect another computer network. The blocking system can also use the recovery script to disable a computer worm within the other network and to repair damage caused to the network by the worm.

A method for determining whether anomalous activity exists on a network includes receiving a packet from the network, the packet including one or more fields. A classification of the packet based on the one or more fields is determined. A first counter of one or more counters associated with detecting the anomalous activity is incremented based on the classification. An activity metric associated with the one or more counters is determined based on the incrementing, wherein the activity metric is anticipated to fall within a threshold. Whether the anomalous activity exists on the network is determined based on whether the activity metric falls within the threshold.

A system and method for the establishment and maintenance of wireless network, such as wireless network enabling access to the World Wide Web. The network can be created by its users as part of social network activity. The users are using automated resources discovery, verification and mapping as a comprehensive wireless resources search engine. Once few locations are mapped as wireless service “hot spots,” the service area can be expanded as users keep discovering and mapping more resources. These existing wireless Internet access resources could be mined by users to create spontaneous wireless network providing wide area high-speed data service.

A computer worm containment system comprises a detection system and a blocking system. The detection system orchestrates a sequence of network activities in a decoy computer network and monitors that network to identify anomalous behavior and determine whether the anomalous behavior is caused by a computer worm. The detection system can then determine an identifier of the computer worm based on the anomalous behavior. The detection system can also generate a recovery script for disabling the computer worm or repairing damage caused by the computer worm. The blocking system is configured to use the computer worm identifier to protect another computer network. The blocking system can also use the recovery script to disable a computer worm within the other network and to repair damage caused to the network by the worm.

A method, system, and computer program product for detecting and mapping activity occurring at and between devices on a computer network for utilization within an intrusion detection mechanism. An enhanced graph matching intrusion detection system (eGMIDS) utility executing on a control server provides data collection functions and data fusion techniques. The eGMIDS comprises multiple sensors and associated unique adaptors that are located at different remote devices of the network and utilized to detect specific types of activity occurring at the respective devices relevant to eGMIDS processing. The sensors convert the data into eGMIDS format and encapsulate the data in a special transmission packet that is transmitted to the control server. The eGMIDS utility converts the activity data within these packets into eGMIDS-usable format and then processes the converted data via a data fusion technique to generate a graphical representation of the network (devices) and the activity occurring at / amongst the various devices.

In various embodiments, techniques are provided for creating visualizations of network traffic. Such disclosed techniques may be incorporated by or implemented by one or more computing devices, computer systems, embedded systems, application-specific circuitry, or the like, that generate visualizations of network traffic. Network traffic information may be obtained in response to monitoring network traffic associated with a communications network. The network traffic information may include a variety of detailed or summary analysis of network traffic. In general, network traffic may summarized according to applications associated with network traffic. Hierarchies developed based on relationships between application categories, the applications themselves, and users or groups associated with the applications may be used to develop one or more of a variety of visual representations of the network traffic information.

A method, system, and computer program product for utilizing a mapping of activity occurring at and between devices on a computer network to detect and prevent network intrusions. An enhanced graph matching intrusion detection system (eGMIDS) is provided that provides data collection functions, data fusion techniques, graph matching algorithms, and secondary and other search mechanisms. Threats are modeled as a set of entities and interrelations between the entities and sample threat patterns are stored within a database. The eGMIDS utility initiates a graph matching algorithm by which the threat patterns are compared within the generated activity graph via subgraph isomorphism. A multi-layered approach including a targeted secondary layer search following a match during a primary layer search is provided. Searches are tempered by attributes and constraints and the eGMIDS reduces the number of threat patterns searched by utilizing ontological generalization.