Methods and devices for automatically detecting attack signatures and generating attack signature identifications
US10855701B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 5, 2018 |
| Grant date | Dec 1, 2020 |
| Priority date | — |
| Expiry date | Nov 5, 2038 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1458
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Network traffic management apparatuses, systems, methods, and computer-readable media for automatically detecting attack signatures and generating attack signature identifications, involving: collecting a stable dataset during a stable time; determining whether a cyber-attack is detected; when a cyber-attack is detected, periodically generating attack signatures and updating an enforcer with the attack signatures, the attack signatures representing dynamic rules to be enforced; validating the dynamic rules via a long-time validation mechanism, validating involving considering behavior of each dynamic rule after the cyber-attack and during a new cyber-attack and ranking each dynamic rule using the stable dataset, thereby generating persistent rules having a dynamic rule; exporting the persistent rules to a security enforcer; introducing the persistent rules to a persistent rule revocater; determining whether export of an unrevoked persistent rule is requested; and if requested, exporting the unrevoked persistent rule of the persistent rules through a mitigator and collecting statistics.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.