Patent · US Active

Network attack detection

US10581915B2 · kind B2 · utility

29Cited by

10References

20Claims

0Family size

Assignee

MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

Mathias Scherman · Nes Ziona, IL
Daniel Mark Edwards · Bothell, US
Tomer Koren · Nes Ziona, IL
Royi Ronen · Nes Ziona, IL

Key dates

Filing date	Oct 31, 2016
Grant date	Mar 3, 2020
Priority date	—
Expiry date	Jul 6, 2037

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1425
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Enhancements to network security are provided by identifying malicious actions taken against servers in a network environment, without having to access log data from individual servers. Seed data are collected by an administrator of the network environment, from honeypots and servers whose logs are shared with the administrator, to identify patterns of malicious actions to access the network environment. These patterns of use include ratios of TCP flags in communication sessions, entropy in the use of TCP flags over the life of a communication session, and packet size metrics, which are used to develop a model of characteristic communications for an attack. These attack models are shared with servers in the network environment to detect attacks without having to examine the traffic logs of those servers.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.