Title:
APPARATUS METHOD AND MEDIUM FOR DETECTING PAYLOAD ANOMALY USING N-GRAM DISTRIBUTION OF NORMAL DATA
Document Type and Number:
WIPO Patent Application WO2005050369
Kind Code:
A3
Abstract:
A method, apparatus and medium are provided for detecting anomalous payloads transmitted through a network. The system (100) receives payloads within the network and determines a length for data contained in each payload. A statistical distribution is generated for data contained in each payload received within the network. The model payload can be selected such that it has a predetermined length range that encompasses the length for data contained in the received payload. Anomalous payloads are then identified based on differences detected between the statistical distribution of received payloads and the model distribution. The system (100) can also provide for automatic training and incremental updating of models.
More Like This:
| WO/1995/013681 | INTERACTIVE INFORMATION SERVICES CONTROL SYSTEM |
| JPS6166428 | INTEGRATION SYSTEM OF VOICE AND DATA |
| JPH05300068 | MULTIPLE ADDRESS SATELLITE COMMUNICATION SYSTEM |
Inventors:
STOLFO SALVATORE J (US)
WANG KE (US)
WANG KE (US)
Application Number:
PCT/US2004/037653
Publication Date:
June 15, 2006
Filing Date:
November 12, 2004
Export Citation:
Assignee:
UNIV COLUMBIA (US)
STOLFO SALVATORE J (US)
WANG KE (US)
STOLFO SALVATORE J (US)
WANG KE (US)
International Classes:
H04J3/16; H04J3/07; H04J3/24; H04L12/26; H04L12/28; H04L29/06
Foreign References:
| US20040111632A1 | 2004-06-10 | |||
| US20040024736A1 | 2004-02-05 | |||
| US20030014662A1 | 2003-01-16 |
Other References:
See also references of EP 1682990A4
Download PDF: