Patent · US Expired

Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram

US7356587B2 · kind B2 · utility

Cited by: 9
References: 8
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 29, 2003
Grant date: Apr 8, 2008
Priority date
Expiry date: Jan 8, 2026

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/166
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network that includes a look-up table to record a state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.
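A sketch of the state-table idea described in the abstract, added here as an example and not taken from the patent or its claims. The bit-per-packet state encoding, the flow key (initiator, target, target port) and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed encoding (not from the patent text): one bit per packet type seen.
SYN, SYN_ACK, RST = 0x1, 0x2, 0x4
ALERT_STATE = SYN | SYN_ACK | RST  # predetermined value: all three observed

def classify(flags):
    """Return the tracked packet type for a set of TCP flag names, else None."""
    flags = frozenset(flags)
    if "RST" in flags:
        return RST
    if flags == {"SYN", "ACK"}:
        return SYN_ACK
    return SYN if flags == {"SYN"} else None

def detect(packets):
    """Update the per-flow look-up table; return flows that reach ALERT_STATE."""
    table = defaultdict(int)  # flow key -> state value
    alerts = []
    for src_ip, src_port, dst_ip, dst_port, flags in packets:
        kind = classify(flags)
        if kind is None:
            continue
        # SYN/ACK travels target -> initiator, so swap fields to reuse the key.
        if kind == SYN_ACK:
            key = (dst_ip, src_ip, src_port)
        else:
            key = (src_ip, dst_ip, dst_port)
        before = table[key]
        table[key] = before | kind
        if table[key] == ALERT_STATE and before != ALERT_STATE:
            alerts.append(key)  # alert once per flow
    return alerts

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    ("192.0.2.10", 40001, "198.51.100.5", 22, {"SYN"}),
    ("198.51.100.5", 22, "192.0.2.10", 40001, {"SYN", "ACK"}),
    ("192.0.2.10", 40001, "198.51.100.5", 22, {"RST"}),         # SYN, SYN/ACK, RST
    ("192.0.2.20", 40002, "198.51.100.5", 443, {"SYN"}),
    ("198.51.100.5", 443, "192.0.2.20", 40002, {"SYN", "ACK"}),
    ("192.0.2.20", 40002, "198.51.100.5", 443, {"ACK"}),        # handshake completes
    ("192.0.2.30", 40003, "198.51.100.5", 23, {"SYN"}),
    ("198.51.100.5", 23, "192.0.2.30", 40003, {"RST", "ACK"}),  # closed port, no SYN/ACK
]
```

In this sketch a connection that completes the handshake and is later reset by the initiator also reaches the alert value; the abstract does not say how that case is treated.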

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.