Method and apparatus for monitoring malicious traffic in communication networks
US9794272
Originating portfolio: ALU
Estimated expiration: 2036-May-23
Potentially relevant companies (1): Juniper Networks Inc.
Products & technologies (1): Network:Firewall
Patent family (number, date, status, jurisdiction):
ZL200610130941.2   2014-SEP-17   Grant         ZL
EP1980054          2008-OCT-15   Application   EP
WO2007088424       2007-AUG-09   Application   WO
Abstract
A method and apparatus for monitoring data traffic in a communication network are provided. A router connected to the communication network monitors information contained in the data traffic and, based on that information, determines whether data in the traffic is indicative of a malicious threat to one or more resources connected to the network. The parameters that control monitoring of traffic at the router, such as the sampling rate and which information is extracted from the data, are varied according to the condition of the network, so that the monitoring can be adapted to focus on traffic relating to a particular suspected or detected threat.
First claim
1. A method of monitoring data traffic in a communication network, comprising:
receiving the data traffic at a router connected to said communication network;
monitoring, at said router, a flow of said received data traffic at a predetermined point on a flow path carrying said flow of the received data traffic, wherein said monitoring comprises a single stage monitoring process performed using exclusively one of a plurality of different monitoring criteria, including a first monitoring criteria and a second monitoring criteria, such that the data traffic that is subject to monitoring at said predetermined point is only monitored according to one of said monitoring criteria, and the second monitoring criteria isolates characteristics of a malicious threat;
said monitoring further including monitoring said flow of the received data traffic at said predetermined point on said flow path according to said first monitoring criteria;
based on information contained in the data traffic monitored according to the first monitoring criteria, determining whether data in the traffic is indicative of the malicious threat to one or more resources connected to said communication network, and only if said determining step determines that data in said traffic is indicative of the malicious threat, changing the monitoring criteria in said single stage monitoring process from the first monitoring criteria to the second monitoring criteria; and
monitoring subsequently received data traffic at said predetermined point along said flow path according to said second monitoring criteria, instead of said first monitoring criteria.
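The adaptive scheme described in the abstract and in claim 1 (coarse sampled monitoring under a first criterion, then a switch of the same monitoring point to a second criterion that isolates the suspected threat, with only one criterion active at a time) as an added worked example in Python. This is illustrative code written for this page; it is not an implementation from the patent, from the originating portfolio, or from any company listed above. The choice of a SYN-count trigger, the 1-in-4 sampling rate, the threshold of 5, and the packet stream are all assumptions made here.

```python
"""Adaptive single-stage flow monitor, in the spirit of the abstract above.

First criteria: sample 1 packet in SAMPLE_EVERY, extract only the destination
and TCP flags, and count sampled SYNs per destination.
Second criteria: once one destination's SYN count reaches SYN_THRESHOLD, the
same monitoring point stops sampling and instead inspects every packet to that
destination, extracting the full 5-tuple and size so the record isolates the
suspected SYN flood. Only one criterion is ever active at a time.

All names, thresholds and traffic here are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_EVERY = 4    # first criteria: 1-in-4 packet sampling (assumed value)
SYN_THRESHOLD = 5   # sampled SYNs to one host before switching criteria (assumed)


@dataclass
class Monitor:
    criteria: str = "first"          # which single criterion is active now
    target: Optional[str] = None     # host isolated by the second criteria
    seen: int = 0                    # packets that passed this monitoring point
    switched_at: Optional[int] = None
    syn_counts: Counter = field(default_factory=Counter)
    records: List[dict] = field(default_factory=list)

    def observe(self, pkt: dict) -> None:
        """Apply exactly one criterion to a packet at this monitoring point."""
        self.seen += 1
        if self.criteria == "first":
            if self.seen % SAMPLE_EVERY:
                return  # not one of the sampled packets
            # Coarse extraction: destination and flags only.
            self.records.append({"dst": pkt["dst"], "flags": pkt["flags"]})
            if pkt["flags"] == "S":
                self.syn_counts[pkt["dst"]] += 1
                if self.syn_counts[pkt["dst"]] >= SYN_THRESHOLD:
                    # Threat indicated: replace the criterion, do not stack it.
                    self.criteria = "second"
                    self.target = pkt["dst"]
                    self.switched_at = self.seen
        else:
            if pkt["dst"] != self.target:
                return  # second criteria only follows the suspected target
            # Full extraction of every packet to the target: 5-tuple plus size.
            self.records.append(dict(pkt))


def run_monitor(packets: List[dict]) -> Monitor:
    """Feed a packet sequence through one monitoring point and return its state."""
    mon = Monitor()
    for pkt in packets:
        mon.observe(pkt)
    return mon


def make_packets() -> List[dict]:
    """Constructed traffic: 20 benign packets, then a 40-packet SYN burst."""
    benign = [
        {"src": "192.0.2.10", "sport": 40000 + i,
         "dst": "10.0.0.1" if i % 2 == 0 else "10.0.0.2",
         "dport": 443, "flags": "S" if i % 5 == 0 else "PA", "size": 120}
        for i in range(20)
    ]
    flood = [
        {"src": f"198.51.100.{i % 8}", "sport": 1024 + i, "dst": "10.0.0.9",
         "dport": 80, "flags": "S", "size": 60}
        for i in range(40)
    ]
    return benign + flood


if __name__ == "__main__":
    mon = run_monitor(make_packets())
    print(mon.criteria, mon.target, mon.switched_at, len(mon.records))
```

On the constructed stream the monitor stays on the first criteria through the benign traffic, switches to the second criteria at the 40th packet (the fifth sampled SYN to 10.0.0.9), and from then on records every packet to that host in full while ignoring everything else. Two points the claim text above leaves open and a practitioner would have to settle: the switch here is one-way, so a deployment needs a timeout or decay back to the first criteria, and the full-extraction phase needs its own rate limit, since otherwise a sender can pin the monitoring point on one target and raise the router's per-packet cost at will.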