A10 Networks, Inc.
NETWORK SESSION TRAFFIC BEHAVIOR LEARNING SYSTEM

Abstract:

Provided is a method for identifying suspicious traffic. The method may commence with compiling statistical data for a plurality of hosts. The method may further include generating data lists for with the plurality of hosts based on the statistical data. The method may continue with receiving a data packet from a host of the plurality of hosts. The data packet may be associated with a plurality of parameters. The method may further include analyzing one or more of the plurality of parameters associated with the data packet using the data lists. The method may continue with determining, based on the analysis, that the one or more of the plurality of parameters are outside a predetermined tolerance zone. Based on the determination that the one or more of the plurality of parameters are outside the predetermined tolerance zone, a mitigation action associated with the host may be selectively initiated.