Patent · US Active

Containment mechanism for potentially contaminated end systems

US8020207B2 · kind B2 · utility

Cited by: 22
References: 3
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 23, 2007
Grant date: Sep 13, 2011
Priority date
Expiry date: May 24, 2030

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1458
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A malware detection and response system based on traffic pattern anomaly detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, outgoing ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.