Systems and methods for capturing or analyzing time-series data

Time-series data technology, applied in the field of data processing, that addresses the problems that malicious activity carried on networks is increasingly difficult to detect, that it is more difficult to assess whether any particular portion of the data conveyed will cause harm, and that detection systems fail to assess network traffi

Inactive Publication Date: 2014-04-10
VECTRA NETWORKS

AI Technical Summary

Benefits of technology

The present invention is an intrusion detection system that can detect zero-day attacks in real-time by analyzing network data in real-time. The system includes a network interface, one or more processors, system memory, and system storage. The system can buffer network data from the network interface, apply statistical or machine-learning intrusion-detection models to the data, and aggregate the results to output an alert if an anomaly is detected. The system can also pre-process the network data and move it to the system memory before sending it to the network interface. The technical effects of the invention include improved detection of zero-day attacks and improved efficiency in detecting and responding to intrusions in real-time.

Problems solved by technology

In recent years, it has become increasingly difficult to detect malicious activity carried on networks.
The volume of traffic moving through a given node on modern networks is substantially larger than even in the recent past, making it more difficult to assess whether any particular portion of the data conveyed will cause harm.
Many existing intrusion detection systems fail to assess network traffic at the rates supported by modern networking equipment and at desired levels of accuracy and are, thus, vulnerable to being overwhelmed, for example, with a denial of service attack.
Similar problems are present in other fields in which data is captured, replayed, or analyzed at relatively high rates.


Examples


Embodiment Construction

[0024] FIGS. 1-8 describe systems and processes for capturing, replaying, or analyzing time-series data (e.g., network data passing through a network node over time) at a relatively high rate (for example, 10 gigabit (Gb) per second or faster), using relatively inexpensive, off-the-shelf commodity computing components. These techniques may be combined in a single system, e.g., an intrusion detection system, having different modes of operation for capture, replay, and analysis. But, it should be noted that these techniques may be used separately in different systems and applications, e.g., for data capture or replay in contexts other than detecting intrusions in network traffic.

[0025] The techniques described herein are broadly applicable. In some use cases, the techniques may be used to capture, replay, or analyze various types of data other than network traffic between other computers, for example internal or externally originated application program interface ("API") calls, such as ...


Abstract

Provided is an intrusion detection system configured to detect anomalies indicative of a zero-day attack by statistically analyzing substantially all traffic on a network in real-time. The intrusion detection system, in some aspects, includes a network interface; one or more processors communicatively coupled to the network interface; system memory communicatively coupled to the processors. The system memory, in some aspects, stores instructions that when executed by the processors cause the processors to perform steps including: buffering network data from the network interface in the system memory; retrieving the network data buffered in the system memory; applying each of a plurality of statistical or machine-learning intrusion-detection models to the retrieved network data; aggregating intrusion-likelihood scores from each of the intrusion-detection models in an aggregate score, and upon the aggregate score exceeding a threshold, outputting an alert.
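
The scoring steps in the abstract (apply several statistical models to buffered data, aggregate their intrusion-likelihood scores, alert above a threshold), as an added example that is not code from the patent or from Vectra Networks. The rolling z-score models, the feature names `bytes` and `dst_ports`, the equal weights, the weighted-mean aggregation and the 0.6 threshold are all assumptions made for illustration.

```python
"""Added illustration: statistical models score buffered traffic windows and an
aggregate score raises an alert. Models, weights, threshold are assumptions."""
import math
from collections import deque
from statistics import mean, pstdev


class ZScoreModel:
    """Scores one numeric feature by its deviation from a rolling baseline."""

    def __init__(self, feature, history=30, min_history=5):
        self.feature = feature
        self.baseline = deque(maxlen=history)
        self.min_history = min_history

    def score(self, window):
        value = window[self.feature]
        if len(self.baseline) < self.min_history:
            self.baseline.append(value)
            return 0.0  # not enough history to judge yet
        mu, sigma = mean(self.baseline), pstdev(self.baseline)
        z = abs(value - mu) / max(sigma, 1e-9)
        likelihood = 1.0 - math.exp(-z / 3.0)  # squash z into [0, 1]
        if likelihood < 0.5:
            self.baseline.append(value)  # learn only from normal-looking windows
        return likelihood


def aggregate(scores, weights):
    """Weighted mean of per-model intrusion-likelihood scores."""
    return sum(s * w for s, w in zip(scores, weights)) / sum(weights)


def analyze(windows, models, weights, threshold=0.6):
    """Return (index, aggregate score) for each window that raises an alert."""
    alerts = []
    for i, window in enumerate(windows):
        total = aggregate([m.score(window) for m in models], weights)
        if total > threshold:
            alerts.append((i, round(total, 3)))
    return alerts


def demo():
    # Constructed sample: per-second summaries of buffered traffic.
    normal = [{"bytes": 1000 + 10 * (i % 5), "dst_ports": 4 + i % 3} for i in range(20)]
    burst = [{"bytes": 1020, "dst_ports": 400}, {"bytes": 90000, "dst_ports": 350}]
    models = [ZScoreModel("bytes"), ZScoreModel("dst_ports")]
    return analyze(normal + burst + normal[:3], models, weights=[1.0, 1.0])
```

In the constructed data, window 20 is anomalous for only one model and aggregates to 0.5, so it stays below the threshold; window 21 is anomalous for both and alerts. Anomalous windows are kept out of the baseline so a sustained burst cannot train the models to accept it.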

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] The present application is a continuation of U.S. patent application Ser. No. 13/648,176, filed Oct. 9, 2012.

BACKGROUND

[0002] 1. Field of the Invention

[0003] The present disclosure relates generally to data processing and, more specifically, to capturing, replaying, and analyzing time-series data.

[0004] 2. Description of the Related Art

[0005] In recent years, it has become increasingly difficult to detect malicious activity carried on networks. The volume of traffic moving through a given node on modern networks is substantially larger than even in the recent past, making it more difficult to assess whether any particular portion of the data conveyed will cause harm. Further, the sophistication of attacks has increased substantially, as entities with greater resources, such as organized crime and state actors, have directed resources towards developing new modes of attack. Many existing intrusion detection systems fail to assess network traff...


Application Information

Patent Type & Authority: Applications (United States)
IPC: IPC(8): G06F21/00
CPC: H04L63/1425, G06F3/0619, G06F3/0656, G06F3/0689, H04L63/1458
Inventor: HARLACHER, JAMES; ABENE, MARK
Owner VECTRA NETWORKS