Method of responding to a truncated secure session attack

Assignee

• International Business Machines Corporation · US

Inventors

• Brian Carpenter · Adliswil, CH
• Kevin D. Himberger · Durham, US
• Clark Debs Jeffries · Durham, US
• Mohammad Peyravian · Cary, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L69/22
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When a truncated secure session attack is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the attack is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-applying the blocking measure for a specified duration, then suspend the blocking measure and test again for the attack. If the attack is detected, the blocking measure is re-applied, and its duration is adapted. If the attack is no longer detected, the method returns to the state of readiness.