SYSTEMS AND METHODS FOR FORENSIC ANALYSIS OF NETWORK BEHAVIOR
Abstract
Systems and methods monitor and manage computer network traffic and identify a status of normality or consistency of the traffic on a per-user, per-Internet Protocol (IP) address or per-MAC address basis. More specifically, the systems and methods determine, with degrees of significance, the abnormality or inconsistency of network traffic from a user, IP address or MAC address based on a comparison of said network traffic to previous network traffic from the same location. Moreover, the systems and methods monitor and manage the network traffic whereby, after an anomaly has occurred, network traffic is tagged as suspicious and thereafter is flagged for forensic study and placed in storage. In addition, the systems and methods report tagged traffic and alert administrators to a breach or violation in the computer network.