Detection of an attack such as a pre-attack on a computer network
US6772349B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | May 3, 2000 |
| Grant date | Aug 3, 2004 |
| Priority date | — |
| Expiry date | May 3, 2020 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1441
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A computer program detects a potential attack on a computer network. A list E is made from network traffic data including source and destination addresses of traffic on the network. The list E includes all source addresses in the data which are not allocated to the network and are not in a list X. A first address in list E is chosen. A number of data entries including A and B and representing network traffic passing between source address A, chosen from list E, and destination address B, allocated to the network, is counted. If the number of such data entries is more than T, address A is output, thereby identifying address A as a potential source of attack. If it is determined that any entries in list E are left, the next address in list E is moved to, and the counting, outputting and determining is repeated, otherwise, stopping.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.