Method, system and machine accessible medium for pattern based network defense. The traffic flow in a network is tracked independently form the payload data in the flow. The traffic flow pattern is compared with a set of predefined malicious traffic patterns descriptions. An event is triggered responsive to a match between a subset of the traffic patterns and the predefined malicious traffic descriptions.
展开▼