US 11,722,488 B2
Non-intrusive / agentless network device identification
Victor Kuarsingh, Doral, FL (US); Leonardas Marozas, Vilnius (LT); Filip Savin, Vilnius (LT); Jovaldas Januskevicius, Kaunas (LT); and Justinas Bisikirskas, Kaunas (LT)
Assigned to Cujo LLC, Walnut, CA (US)
Filed by Cujo LLC, El Segundo, CA (US)
Filed on Jul. 29, 2020, as Appl. No. 16/942,188.
Prior Publication US 2022/0038454 A1, Feb. 3, 2022
Int. Cl. H04L 9/40 (2022.01); H04W 12/71 (2021.01); G06F 16/2458 (2019.01)
CPC H04L 63/0876 (2013.01) [G06F 16/2477 (2019.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01)]
19 Claims
 
1. A method comprising:
detecting a connection request from a second computer device of a computer network;
collecting one or more new data sets related to the second computer device, wherein each data set of the one or more new data sets comprises one or more second data attributes extracted from network traffic data of the second computer device;
comparing the one or more new data sets related to the second computer device with one or more time series data sets maintained in a database comprising a plurality of time series data sets collected at different points in time, wherein each time series data set is associated with a predetermined identifier value of a previously known computer device of the computer network and comprises one or more first data attributes extracted from network traffic data of the previously known computer device, and wherein for each predetermined identifier value of the previously known computer device a plurality of time series data sets collected at different points in time are associated;
calculating one or more value scores related to the plurality of time series data sets based on comparing the one or more new data sets related to the second computer device with the one or more time series data sets of the plurality of time series data sets;
determining a device association score based on the one or more value scores related to the plurality of time series data sets, wherein the device association score determines an association level between the previously known computer device and the second computer device of the computer network;
based on the device association score, determining whether the second computer device is a same computer device as the previously known computer device; and
in response to determining that the second computer device is the same computer device as the previously known computer device, applying a same policy to the second computer device as previously applied to the previously known computer device, the policy comprising at least one of a communications policy and a network policy.
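
An added illustration of the flow recited in claim 1, not code from the patent or from Cujo LLC. The claim does not say how scores are computed, so the attribute names, the fraction-of-matching-attributes value score, the averaging over each device's time series, the 0.8 threshold and the policy names are all assumptions, and the sample records are constructed.

```python
from statistics import mean

# Constructed database: identifier value -> time series data sets (timestamp, attributes).
KNOWN = {
    "device-A": [
        (1000, {"dhcp_hostname": "tv-livingroom", "dhcp_options": "1,3,6,15",
                "user_agent": "SmartTV/4.0", "tcp_window": 65535}),
        (2000, {"dhcp_hostname": "tv-livingroom", "dhcp_options": "1,3,6,15",
                "user_agent": "SmartTV/4.1", "tcp_window": 65535}),
    ],
    "device-B": [
        (1500, {"dhcp_hostname": "laptop-7", "dhcp_options": "1,3,6,15,119",
                "user_agent": "Mozilla/5.0", "tcp_window": 64240}),
    ],
}
POLICY = {"device-A": "kids-profile", "device-B": "default"}  # hypothetical policy names
THRESHOLD = 0.8  # assumed cut-off for "same computer device"

def value_score(new, stored):
    """Assumed value score: fraction of attributes present in both sets with equal values."""
    keys = set(new) | set(stored)
    if not keys:
        return 0.0
    return sum(1 for k in keys if k in new and k in stored and new[k] == stored[k]) / len(keys)

def association_score(new_sets, series):
    """Assumed aggregation: best value score per stored snapshot, averaged over the series."""
    return mean(max(value_score(n, attrs) for n in new_sets) for _, attrs in series)

def identify(new_sets):
    """Return (identifier or None, per-identifier association scores) for a connecting device."""
    scores = {ident: association_score(new_sets, s) for ident, s in KNOWN.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= THRESHOLD else None), scores

def policy_on_connect(new_sets):
    """Apply the previously known device's policy only when the device is judged the same."""
    ident, _ = identify(new_sets)
    return POLICY[ident] if ident else None

# Constructed new data sets collected after a connection request.
RETURNING = [{"dhcp_hostname": "tv-livingroom", "dhcp_options": "1,3,6,15",
              "user_agent": "SmartTV/4.1", "tcp_window": 65535}]
STRANGER = [{"dhcp_hostname": "cam-1", "dhcp_options": "1,3,6",
             "user_agent": "", "tcp_window": 5840}]

if __name__ == "__main__":
    print(identify(RETURNING), policy_on_connect(RETURNING))
    print(identify(STRANGER), policy_on_connect(STRANGER))
```

Because a match inherits an existing policy, the threshold acts as an access-control decision: every attribute used here is set by the connecting client, so a low threshold lets a device that copies a known device's observable attributes inherit that device's policy.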