US 12,137,044 B2
Method for detecting systematic communications in a communications network, corresponding device, and computer program product
Dario Balinzo, Turin (IT); Stefano Imperiale, Turin (IT); Daniele Ucci, Turin (IT); and Riccardo Cardiello, Turin (IT)
Assigned to Aizoon S.r.l., Turin (IT)
Filed by Aizoon S.r.l., Turin (IT)
Filed on Apr. 27, 2022, as Appl. No. 17/730,273.
Claims priority of application No. 102021000011267 (IT), filed on May 3, 2021.
Prior Publication US 2022/0353169 A1, Nov. 3, 2022
Int. Cl. H04L 43/50 (2022.01); H04L 9/40 (2022.01); H04L 43/0852 (2022.01); H04L 69/22 (2022.01)
CPC H04L 43/50 (2013.01) [H04L 43/0852 (2013.01); H04L 63/205 (2013.01); H04L 69/22 (2013.01)] 10 Claims
OG exemplary drawing
 
1. A method of detecting systematic communications in a communication network, wherein the method comprises repeating the following steps for each data packet (DP) of a sequence of a plurality of data packets (DP) transmitted via said communication network from a respective source to a respective target:
obtaining metadata (MD) for said data packet (DP), wherein said metadata (MD) include data which identify said source and/or said target, and data which identify a transmission time (t) where said data packet (DP) has been sent;
verifying whether said data packet (DP) belongs to a given type of communication by verifying whether said metadata (MD) indicate that said data packet (DP) has been sent by a given source and/or has been received by a given target, and in case said metadata (MD) indicate that said data packet (DP) has been sent by a given source and/or has been received by a given target, computing a variance value Var for said given type of communication;
comparing said variance value Var with a threshold (TH), and in case said variance value Var is smaller than said threshold, generating a notification which indicates that said given type of communication is systematic;
wherein said computing said variance value Var for said given type of communication comprises:
verifying whether an ordered list (D) is empty,
in case said ordered list (D) is empty, adding said transmission time (t) as first element (d0) to said ordered list (D), and setting a sum of squares value ssq to zero,
in case said ordered list (D) is not empty, comparing said transmission time (t) with the transmission times stored in said ordered list (D), and
in case said transmission time (t) is greater than the transmission time of the last element (dk−1) in said ordered list (D):
a) computing the difference between said transmission time (t) and the transmission time of the last element (dk−1) of said ordered list (D),
b) updating said ordered list (D′) by adding said transmission time (t) as new last element (d′k) to the end of said ordered list (D), and
c) updating said sum of squares value ssq by adding the square of said difference;
in case said transmission time (t) is smaller than the transmission time of the first element in said ordered list (D):
a) computing the difference between the transmission time of the first element (d0) of said ordered list (D) and said transmission time (t),
b) updating said ordered list (D′) by adding said transmission time (t) as new first element (d′0) at the beginning of said ordered list (D), and
c) updating said sum of squares value ssq by adding the square of said difference;
in case said transmission time (t) is greater than the transmission time of the first element (d0) in said ordered list (D) and smaller than the transmission time of the last element (dk−1) in said ordered list (D):
a) determining a position (j) for inserting said transmission time (t), wherein said position corresponds to the position (j) of the element (dj) of said ordered list (D) which has a transmission time being greater than said transmission time (t) and follows the position of the immediately preceding element (dj−1) of said ordered list (D) which has a transmission time being smaller than said transmission time (t),
b) computing a first difference between the transmission time of the element (dj) of said ordered list (D) in said position (j) and said transmission time (t), computing a second difference between said transmission time (t) and the transmission time of the element (dj−1) of said ordered list (D) in the position which precedes said position (j), and determining a third difference between the transmission time of the element (dj) of said ordered list (D) in said position (j) and the transmission time of the element (dj−1) of said ordered list (D) in the position which precedes said position (j),
c) updating said ordered list (D′) by adding said transmission time (t) as new element (d′j) in said position (j) of said ordered list (D), and
d) updating said sum of squares value ssq by adding the square of said first difference and the square of said second difference, and subtracting the square of said third difference; and
determining a value k identifying the number of elements in said ordered list (D);
determining a difference ssp between the transmission time of the last element (d′k) of said updated ordered list (D′) and the transmission time of the first element (d′0) of said updated ordered list (D′); and
computing said variance value Var with the following equation:

OG Complex Work Unit Math