US 9,813,433 B2
System and method for embedded mobile (EM)/machine to machine (M2M) security, pattern detection, mitigation
Cathal McDaid, Dublin (IE); Hugh Carr, Dublin (IE); and Mark Buckley, Dublin (IE)
Assigned to Adaptive Mobile Security Limited, Dublin (IE)
Appl. No. 14/770,083
Filed by Adaptive Mobile Security Limited, Dublin (IE)
PCT Filed Feb. 21, 2014, PCT No. PCT/EP2014/053413
§ 371(c)(1), (2) Date Aug. 24, 2015,
PCT Pub. No. WO2014/128253, PCT Pub. Date Aug. 28, 2014.
Claims priority of provisional application 61/768,121, filed on Feb. 22, 2013.
Claims priority of application No. 13158193 (EP), filed on Mar. 7, 2013.
Prior Publication US 2016/0006753 A1, Jan. 7, 2016
Int. Cl. H04L 29/00 (2006.01); H04L 29/06 (2006.01); G06F 21/55 (2013.01); H04W 4/00 (2009.01); H04L 12/26 (2006.01); H04L 12/24 (2006.01)
CPC H04L 63/1416 (2013.01) [G06F 21/55 (2013.01); H04L 43/00 (2013.01); H04L 43/04 (2013.01); H04L 63/0227 (2013.01); H04L 63/0245 (2013.01); H04L 63/1425 (2013.01); H04W 4/005 (2013.01); H04L 41/069 (2013.01); H04L 43/028 (2013.01); H04L 43/062 (2013.01); H04L 43/065 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A security system for use in a communications network, said network comprising means to allow a plurality of devices to communicate over the network wherein at least one device is a machine to machine (M2M) operated device and at least one other device is a human operated device, said security system comprising:
a data capture module to capture data traffic originating from the plurality of devices on the network;
an analyser module to analyse the data traffic, the analyser module configured to extract features from the captured data traffic, wherein the features describe behavioural patterns of individual M2M devices on the network, and wherein feature extraction is configured to (i) extract events from the captured traffic data and collate them by sender in order to derive per-device features, (ii) calculate statistics which refer to multiple events from the same sender, such that one or more characteristic profile features is calculated for a given sender device, and (iii) extract vocabulary data from the captured data traffic and compute a distribution of word frequencies from the vocabulary data to determine whether a device exhibits human or machine originated traffic; and
an identifier module to identify at least one of the M2M operated devices on the network based on the analysed data traffic, wherein the system is configured to dynamically adapt to different data traffic patterns on the network.