Detecting malicious attacks using network behavior and header analysis
US7936682B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 9, 2005 |
| Grant date | May 3, 2011 |
| Priority date | — |
| Expiry date | Sep 19, 2028 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L69/22
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method and apparatus for detecting malicious attacks is described. The method may comprise obtaining routing information from a packet communicated via a network and maintaining a count of packets associated with a device associated with the routing information. For example, the routing information may a source or destination IP address, a port number, or any other routing information. The device may be classified as a potentially malicious device when the count exceeds a threshold. The count may be incremented when the TCP SYN flag is set and the TCP ACK flag is not set. An embodiment comprises obtaining a source hash of the source IP address and a destination hash of the destination IP address. Thereafter, the source hash and the destination hash may be mapped to multi stage filters. The device associated with the packet may then be selectively categorizing as a suspicious device.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.