07594260 is referenced by 60 patents and cites 90 patents.

A method of network surveillance includes receiving network packets handled by a network entity and building at least one long-term and a least one short-term statistical profile from a measure of the network packets that monitors data transfers, errors, or network connections. A comparison of the statistical profiles is used to determine whether the difference between the statistical profiles indicates suspicious network activity.

Title
Network surveillance using long-term and short-term statistical profiles to determine suspicious network activity
Application Number
10/429611
Publication Number
7594260 (B2)
Application Date
May 5, 2003
Publication Date
September 22, 2009
Inventor
Alfonso Valdes
San Carlos
CA, US
Phillip Andrew Porras
Cupertino
CA, US
Assignee
SRI International
CA, US
IPC
G06F 15/00
G06F 15/173
View Original Source