Session slicing of mirrored packets
US-12184680-B2 · Dec 31, 2024 · US
Method and device for detecting anomalies in a computer network
US2020036738A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020036738-A1 |
| Application number | US-201916453370-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 26, 2019 |
| Priority date | Jul 30, 2018 |
| Publication date | Jan 30, 2020 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method for detecting anomalies in a computer network, in which a message transmitted over the computer network is received or recorded by a node of the computer network; based on at least the message, it is checked by a detection mechanism of the node whether the anomalies have occurred, and an occurrence of the anomalies is either confirmed or refuted according to a predefined detection rule of the detection mechanism.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method for detecting anomalies in a computer network, comprising: receiving or recording, by a node of the computer network, a message transmitted over the computer network; based at least on the message, checking, by a detection mechanism of the node, whether an anomaly has occurred; and confirming or refuting an occurrence of the anomaly according to a predefined detection rule of the detection mechanism. 2 . The method as recited in claim 1 , wherein the computer network includes a switching device and terminals, and the node is one of the terminals. 3 . The method as recited in claim 1 , wherein the message is received, and the checking further takes place based on at least one present state of the node, and the detection rule relates to particular value combinations of the received message and of the state. 4 . The method as recited in claim 1 , wherein the message is received upon a request of the node, and the detection rule relates to an expected response to the request. 5 . The method as recited in claim 1 , wherein the message is recorded, the checking further takes place based on at least one present state of the node, and the detection rule relates to particular value combinations of the recorded message and of the present state of the node. 6 . The message as recited in claim 1 , wherein the message is received or recorded after the node has sent an earlier message in a certain state, and the detection rule relates to particular value combinations of the earlier message, of the received or recorded message, and of the certain state. 7 . The method as recited in claim 1 , wherein the message is recorded, the checking further takes place based on at least one present state of the node, and the detection rule relates to particular value combinations of the recorded message and of the present state. 8 . A non-transitory machine-readable memory medium on which is stored a computer program for detecting anomalies in a computer network, the computer program, when executed on a computer, causing the computer to perform: receiving or recording, by a node of the computer network, a message transmitted over the computer network; based at least on the message, checking, by a detection mechanism of the node, whether an anomaly has occurred; and confirming or refuting an occurrence of the anomaly according to a predefined detection rule of the detection mechanism. 9 . A device, configured to detect anomalies in a computer network, the device configured to: receive or record, by a node of the computer network, a message transmitted over the computer network; based at least on the message, check, by a detection mechanism of the node, whether an anomaly has occurred; and confirm or refute an occurrence of the anomaly according to a predefined detection rule of the detection mechanism.
Assignees
Inventors
Classifications
- H04L63/1416Primary
Event detection, e.g. attack signature detection · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
- H04L63/1425Primary
Traffic logging, e.g. anomaly detection · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2020036738A1 cover?
- A method for detecting anomalies in a computer network, in which a message transmitted over the computer network is received or recorded by a node of the computer network; based on at least the message, it is checked by a detection mechanism of the node whether the anomalies have occurred, and an occurrence of the anomalies is either confirmed or refuted according to a predefined detection rule…
- Who is the assignee on this patent?
- Bosch Gmbh Robert
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu Jan 30 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).