Patent · US Active

Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram

US7734776B2 · kind B2 · utility

3Cited by

17References

14Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Alan Boulanger · Amherst, US
Robert Danford · Raleigh, US
Kevin D. Himberger · Durham, US
Clark Debs Jeffries · Durham, US
Raj K. Singh · Cary, US

Key dates

Filing date	Feb 29, 2008
Grant date	Jun 8, 2010
Priority date	—
Expiry date	May 6, 2028

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/166
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network that includes a look-up table to record state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.