Detecting a TCP session hijacking attack
US12388844B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Dec 16, 2020 |
| Grant date | Aug 12, 2025 |
| Priority date | — |
| Expiry date | Sep 4, 2041 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1466
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A computing system (500) is configured to detect a Transmission Control Protocol (TCP) session hijacking attack on a TCP session. In particular, the computing system monitors for nonsequential packets of the TCP session. The nonsequential packets each comprise a sequence number (220) that is different from a next expected sequence number of the TCP session. The computing system (500) calculates, for each of a plurality of time intervals, a variation metric representing an extent to which the sequence numbers (220) of the nonsequential packets received in the time interval differ from the next expected sequence number. The computing system determines a variation baseline representing a trend of the variation metrics over time, and detects the TCP session hijacking attack on the TCP session based on the variation metric in a given time interval being different from the variation baseline by less than a threshold.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.