Detection of abnormal or malicious activity in point-to-point or packet-switched networks

US2022141237A1 · US · A1

Patent metadata
Publication number: US-2022141237-A1
Application number: US-202017090275-A
Country: US
Kind code: A1
Filing date: Nov 5, 2020
Priority date: Nov 5, 2020
Publication date: May 5, 2022
Grant date: (none listed)

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method of detecting abnormal or malicious activity in a point-to-point or packet-switched data communication network includes tapping a link in the network to obtain a data stream transmitted from a node of the network in parallel with transmission of the data stream through the network. The tap is non-invasive because it does not interfere with the normal traversal of the data stream across the network. This is useful for certain applications, such as mission-critical systems, where it is desirable to monitor the network and inspect the data without adversely impacting or otherwise interfering with the normal operation of the system. The method further includes decoding a communication protocol encoded in the data stream to obtain payload data from the data stream, analyzing the payload data to detect abnormal or malicious activity, and notifying a host of the network of the detected abnormal or malicious activity in the payload data.

First claim

Claim text as published (all 20 claims).

What is claimed is:

1. A computer program product including one or more non-transitory machine-readable mediums encoded with instructions that when executed by one or more processors cause a process to be carried out for detecting abnormal or malicious activity in a point-to-point or packet-switched data communication network, the process comprising: tapping a link in the network to obtain a separate, logical copy of a data stream transmitted from a node of the network in parallel with transmission of the data stream through the network; decoding a communication protocol encoded in the logical copy of the data stream to obtain payload or link data from the data stream; analyzing the payload data to detect abnormal or malicious activity; and in response to detecting abnormal or malicious activity, initiating a remedial action.

2. The computer program product of claim 1, wherein the node is a first node, wherein the data stream is a first data stream, wherein the payload or link data is first payload or link data, and wherein the process further comprises: tapping the link in the network to obtain a separate, logical copy of a second data stream transmitted from a second node of the network in parallel with transmission of the second data stream through the network; decoding the communication protocol encoded in the logical copy of the second data stream to obtain second payload or link data from the second data stream; and analyzing the first payload or link data and the second payload or link data to detect the abnormal or malicious activity.

3. The computer program product of claim 2, further comprising: interleaving the first payload or link data from the logical copy of the first data stream with the second payload or link data from the logical copy of the second data stream to obtain interleaved payload or link data; and analyzing the interleaved payload or link data to detect the abnormal or malicious activity.

4. The computer program product of claim 1, wherein initiating remedial action includes notifying a host of the network of the detected abnormal or malicious activity in the payload or link data, and wherein the process further comprises causing the host to respond to the notification of the detected abnormal or malicious activity.

5. The computer program product of claim 1, wherein the process further comprises storing the payload or link data in a First-in, first-out (FIFO) buffer or other storage device.

6. The computer program product of claim 1, wherein initiating remedial action includes sending the payload or link data to the host for further analysis.

7. The computer program product of claim 1, wherein the tapping is carried out using a Low Voltage Differential Signaling (LVDS) component of the network.

8. The computer program product of claim 1, wherein the tapping includes tapping a physical layer of the network to obtain the data stream.

9. A system for detecting abnormal or malicious activity in a point-to-point or packet-switched data communication network, the system comprising: a payload monitor configured to tap a link in the network to obtain a separate, logical copy of a data stream transmitted from a node of the network in parallel with transmission of the data stream through the network; and a network monitor configured to: decode a communication protocol encoded in the logical copy of the data stream to obtain payload or link data from the data stream; analyze the payload or link data to detect abnormal or malicious activity; and notify a host of the network of the detected abnormal or malicious activity in the payload or link data.

10. The system of claim 9, wherein: the node is a first node; the data stream is a first data stream; the payload or link data is first payload or link data; the payload monitor is further configured to tap the link in the network to obtain a separate, logical copy of a second data stream transmitted from a second node of the network in parallel with transmission of the second data stream through the network; and the network monitor is further configured to decode the communication protocol encoded in the logical copy of the second data stream to obtain second payload or link data from the second data stream; and analyze the first payload or link data and the second payload or link data to detect the abnormal or malicious activity.

11. The system of claim 1, wherein the network monitor is further configured to: interleave the first payload or link data from the logical copy of the first data stream with the second payload or link data from the logical copy of the second data stream to obtain interleaved payload or link data; and analyze the interleaved payload or link data to detect the abnormal or malicious activity.

12. The system of claim 9, wherein the network monitor is further configured to cause the host to respond to the notification of the detected abnormal or malicious activity.

13. The system of claim 9, further comprising a First-in, first-out (FIFO) buffer or other storage device configured to store the payload or link data.

14. The system of claim 9, wherein the network monitor is further configured to send the payload or link data to the host for further analysis.

15. The system of claim 9, further comprising a Low Voltage Differential Signaling (LVDS) component configured to tap the network.

16. The system of claim 9, wherein the payload monitor is further configured to tap a physical layer of the network to obtain the data stream.

17. A system for detecting abnormal or malicious activity in a SpaceWire network, the system comprising: a memory; and one or more processors in communication with the memory, the one or more processors configured to execute instructions stored in the memory to: decode a communication protocol encoded in a data stream transmitted from a node of the SpaceWire network to obtain payload or link data from a separate, logical copy of the data stream; analyze the payload or link data to detect abnormal or malicious activity; and notify a host of the SpaceWire network of the detected abnormal or malicious activity in the payload or link data.

18. The system of claim 17, wherein the one or more processors are further configured to execute instructions stored in the memory to tap a link in the SpaceWire network to obtain the logical copy of the data stream transmitted from the node of the SpaceWire network in parallel with transmission of the data stream through the SpaceWire network.

19. The system of claim 17, wherein the one or more processors are further configured to execute instructions stored in the memory to cause the host to respond to the notification of the detected abnormal or malicious activity.

20. The system of claim 17, further comprising a Low Voltage Differential Signaling (LVDS) component configured to tap the SpaceWire network.
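The abstract and claims describe a pipeline: tap a link to get a logical copy of each node's stream, decode the protocol to recover payload or link data, analyze one stream and the time-interleaved data of two streams, hold the data in a FIFO for the host, and notify the host as the remedial action. The following Python sketch is an added example written for this page, not code from the patent or from the assignee. It assumes the tap delivers each node's characters as (timestamp, item) tuples with the end-of-packet markers as string tokens; the node names, logical addresses, allow-list policy and sample traffic are constructed. The packet layout it decodes is SpaceWire's (path-address bytes 0..31, a logical address 32..254, cargo, EOP or EEP), and the first cargo byte is read as the SpaceWire protocol identifier (1 = RMAP, 2 = CCSDS packet transfer).

```python
"""Added example, not the patent's or its assignee's code: a tap-side monitor for
SpaceWire-style links. Each tap is assumed to deliver a copy of the characters leaving
one node as (timestamp, item) tuples, item being a data byte (0..255) or an end-of-packet
marker token. Packet layout follows SpaceWire; the first cargo byte is read as the
protocol id (1 = RMAP, 2 = CCSDS). Nodes, addresses, policy and traffic are constructed."""
from collections import deque
from dataclasses import dataclass
import heapq

EOP, EEP = "EOP", "EEP"   # end-of-packet markers as delivered by the link decoder (assumed form)
PATH_MAX = 31             # address bytes 0..31 are path addresses; 32..254 are logical
NODE_ADDR = {"OBC": 0x20, "PAYLOAD": 0x40}   # logical address of each tapped node (constructed)
REQUEST_WINDOW = 2.0      # s: a PAYLOAD->OBC packet must follow an OBC->PAYLOAD one this recently
POLICY = {                # per-node allow-lists: destinations, protocol ids, largest cargo
    "OBC":     {"dest": {0x40},       "proto": {1},    "max_cargo": 32},
    "PAYLOAD": {"dest": {0x20, 0x42}, "proto": {1, 2}, "max_cargo": 1024},
}

@dataclass
class Packet:
    node: str      # tapped node that transmitted it
    t: float       # timestamp of its first character
    path: tuple    # path-address bytes, if any
    logical: int   # logical destination (None if the packet carried none)
    cargo: bytes   # everything after the address bytes
    end: str       # EOP or EEP

def decode_stream(node, tokens):
    """Decode step: split one tapped character stream into Packet records."""
    packets, path, logical, cargo, start = [], [], None, bytearray(), None
    for t, item in tokens:
        start = t if start is None else start
        if item in (EOP, EEP):
            packets.append(Packet(node, start, tuple(path), logical, bytes(cargo), item))
            path, logical, cargo, start = [], None, bytearray(), None
        elif logical is None and item <= PATH_MAX:
            path.append(item)        # path address, consumed hop by hop by routers
        elif logical is None:
            logical = item           # first byte above PATH_MAX is the logical address
        else:
            cargo.append(item)
    return packets

def analyze(packets, policy):
    """Per-packet rules on decoded payload/link data; returns (t, node, message) alerts."""
    alerts = []
    for p in packets:
        rules = policy[p.node]
        if p.end == EEP:
            alerts.append((p.t, p.node, "EEP: packet ended in error"))
        if p.logical not in rules["dest"]:
            alerts.append((p.t, p.node, f"unexpected destination {p.logical}"))
        if p.cargo and p.cargo[0] not in rules["proto"]:
            alerts.append((p.t, p.node, f"unexpected protocol id {p.cargo[0]}"))
        if len(p.cargo) > rules["max_cargo"]:
            alerts.append((p.t, p.node, f"oversized cargo ({len(p.cargo)} bytes)"))
    return alerts

def analyze_interleaved(streams, window=REQUEST_WINDOW):
    """Cross-stream rule over the time-merged packets of all taps: flag a PAYLOAD->OBC
    packet that no OBC->PAYLOAD request preceded within the window (unsolicited reply)."""
    alerts, last_request = [], None
    for p in heapq.merge(*streams, key=lambda p: p.t):
        if p.node == "OBC" and p.logical == NODE_ADDR["PAYLOAD"]:
            last_request = p.t
        elif p.node == "PAYLOAD" and p.logical == NODE_ADDR["OBC"]:
            if last_request is None or p.t - last_request > window:
                alerts.append((p.t, p.node, "unsolicited packet to OBC"))
    return alerts

def monitor(taps, policy, notify, fifo):
    """Decode every tap, keep the packets in the host-readable FIFO, run both analyses and
    notify the host of each alert (notification is the only remedial action shown here)."""
    streams = [decode_stream(node, toks) for node, toks in taps.items()]
    for s in streams:
        fifo.extend(s)                # oldest entries drop off when the FIFO is full
    alerts = sorted(analyze(sum(streams, []), policy) + analyze_interleaved(streams))
    for a in alerts:
        notify(a)
    return alerts

def tx(t0, logical, cargo, end=EOP, path=()):   # token copy a tap would deliver (constructed)
    items = list(path) + [logical] + list(cargo) + [end]
    return [(t0 + i * 1e-6, it) for i, it in enumerate(items)]

SAMPLE_TAPS = {   # constructed traffic; header bytes beyond the protocol id are abbreviated
    "OBC": tx(0.0, 0x40, b"\x01" + bytes(8))          # RMAP command to PAYLOAD: normal
         + tx(5.0, 0x50, b"\x01\x00"),                 # addresses 0x50, outside OBC's allow-list
    "PAYLOAD": tx(0.4, 0x20, b"\x01\x0c\x00")          # RMAP reply 0.4 s after the command: normal
             + tx(1.0, 0x42, b"\x02" + bytes(199))     # CCSDS science packet to mass memory: normal
             + tx(9.0, 0x20, b"\x01\x0c\x00")          # reply with no request in the last 2 s
             + tx(12.0, 0x42, b"\x02\x08", end=EEP),   # packet terminated by EEP
}

def run_sample():
    """Run the monitor over the constructed taps; returns the alerts the host received."""
    notified, fifo = [], deque(maxlen=64)
    alerts = monitor(SAMPLE_TAPS, POLICY, notified.append, fifo)
    assert alerts == notified and len(fifo) == 6
    return alerts
```

Calling run_sample() yields three alerts: the OBC packet addressed outside its allow-list, the PAYLOAD packet to the OBC with no request in the preceding two seconds (visible only after interleaving both taps by time), and the packet terminated by EEP. Because the monitor works on a copy of the stream, none of these checks delays or alters the traffic itself; what it cannot do is block a packet that has already been forwarded, which is why the claims frame the response as notifying the host.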

Assignees

Bae Sys Inf & Elect Sys Integ

Inventors

Classifications

CPC titles (primary classification H04L63/1408):

  • Countermeasures against malicious traffic (cross-reference: countermeasures against attacks on cryptographic mechanisms, H04L9/002)

  • by monitoring network traffic (cross-reference: monitoring network traffic per se, H04L43/00)

  • in the data link layer [OSI layer 2], e.g. HDLC

  • Event detection, e.g. attack signature detection

  • Traffic logging, e.g. anomaly detection

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2022141237A1 cover?
A method of detecting abnormal or malicious activity in a point-to-point or packet-switched data communication network includes tapping a link in the network to obtain a data stream transmitted from a node of the network in parallel with transmission of the data stream through the network. The tap is non-invasive because it does not interfere with the normal traversal of the data stream across …
Who is the assignee on this patent?
Bae Sys Inf & Elect Sys Integ
What technology area does this patent fall under?
Primary CPC classification H04L63/1408. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 5, 2022 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).