A method for detecting anomalies in traffic patterns and a traffic anomalies detector are presented. The method and the detector are based on estimating the fan-in of a node, i.e. the number of distinct sources sending traffic to a node, based on infrequent, periodic sampling. Destinations with an abnormally large fan-in are likely to be the target of an attack, or to be downloading large amounts of material with a P2P application. The method and the anomalies detector are extremely simple to implement and exhibit excellent performance on real network traces.

 
Web www.patentalert.com

< Method for generating a code mask for coding transmission over a traffic channel

< Methods and devices for re-routing MPLS traffic

> Scalable selective alarm suppression for data communication network

> Method for interoffice trunk testing

~ 00600