CPC H04L 63/1425 (2013.01) [G06N 3/02 (2013.01); H04L 41/145 (2013.01); H04L 41/16 (2013.01)]
11 Claims
1. A method for detecting anomalies in data traffic generated by peripheral devices simulating human-like patterns comprising:
retrieving, by computerized data processing means, all data packets sent by a peripheral device to a computer;
identifying, by said computerized data processing means, a data communication as a plurality of said data packets in a predetermined timeframe;
parsing, by said computerized data processing means, the content of each of said data packets of said data communication to extract a plurality of communication features of said data communication;
classifying, by said computerized data processing means, said communication features through a set of absolute classifiers of the binary type comprising two or more absolute classifiers and through a set of majority classifiers of the binary type comprising an odd number of majority classifiers; and
signalling, by said computerized data processing means, an anomaly of said data communication when at least the majority in said set of majority classifiers or at least one in said set of absolute classifiers marks said communication features as anomalous;
wherein said communication features comprise words or key combinations, and
wherein said set of absolute classifiers comprises a deny list classifier which marks said data communication as anomalous if said communication features are comprised in a predetermined list of anomalous words or key combinations.
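The decision rule of claim 1, as an added Python example that is not code from the patent: any single absolute classifier, or a majority of an odd-sized set of majority classifiers, flags the communication. Only the deny list classifier comes from the claim; the deny list entries, the other four classifiers, their thresholds and the sample communications are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List

Features = List[str]                      # words or key combinations from one timeframe
Classifier = Callable[[Features], bool]   # True means "anomalous"

DENY_LIST = {"gui+r", "powershell", "cmd.exe"}   # constructed entries

def deny_list(features: Features) -> bool:
    """Absolute classifier from the claim: a feature is on the deny list."""
    return any(f.lower() in DENY_LIST for f in features)

# Hypothetical classifiers and thresholds, chosen only to exercise the rule.
def oversized_token(features: Features) -> bool:   # absolute
    return any(len(f) >= 200 for f in features)

def _share(features: Features, pred) -> float:
    return sum(map(pred, features)) / len(features) if features else 0.0

def combo_heavy(features: Features) -> bool:       # majority
    return _share(features, lambda f: "+" in f) > 0.3

def symbol_heavy(features: Features) -> bool:      # majority
    return _share(features, lambda f: any(c in "|&;$<>" for c in f)) > 0.2

def long_words(features: Features) -> bool:        # majority
    return bool(features) and sum(map(len, features)) / len(features) > 10

ABSOLUTE = [deny_list, oversized_token]
MAJORITY = [combo_heavy, symbol_heavy, long_words]

@dataclass
class Verdict:
    anomalous: bool
    absolute_hits: List[str]
    majority_votes: int

def detect(features: Features, absolute: List[Classifier],
           majority: List[Classifier]) -> Verdict:
    if len(absolute) < 2:
        raise ValueError("claim requires two or more absolute classifiers")
    if len(majority) % 2 == 0:
        raise ValueError("claim requires an odd number of majority classifiers")
    hits = [c.__name__ for c in absolute if c(features)]
    votes = sum(c(features) for c in majority)
    return Verdict(bool(hits) or votes > len(majority) // 2, hits, votes)

# Constructed sample communications.
TYPED = ["dear", "team", "please", "find", "the", "report", "ctrl+s"]
LISTED = ["gui+r", "notepad", "enter"]
VOTED = ["ctrl+alt+t", "alt+f2", "export", "A=$B;", "echo", "$A>>out"]
```

`LISTED` is flagged by the deny list alone with only one majority vote, while `VOTED` trips no absolute classifier and is flagged by two of the three majority classifiers.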