Detecting over-mitigation of network traffic by a network security element
US11444973B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 9, 2020 |
| Grant date | Sep 13, 2022 |
| Priority date | — |
| Expiry date | Apr 2, 2041 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L69/28
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A computer method and system for detecting and preventing over-mitigation of network attacks (e.g., Denial of Service (DoS) attacks) upon a protected computer network by a network security element. A determination is made as to whether captured data packets transmitted to a protected network are associated with legitimate network traffic (e.g., non-attack traffic). A matching pattern of the captured data packets determined to be legitimate network traffic is generated, and test traffic packets utilizing the matching pattern of the captured data packets are then generated. The generated test traffic packets are then injected into the network security element/filter. A determination is then made as to whether the injected test traffic packets are treated as malicious traffic (e.g., a DoS attack), or as legitimate traffic, by the network security filter. If treated as malicious traffic (e.g., the network security filter is treating legitimate traffic as malicious), an indication is provided to cause changes to the network security filter to prevent legitimate traffic from being treated as malicious (e.g., attack/DoS traffic).
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.