Patent · US Active

Method and apparatus for generating network attack signature

US8065729B2 · kind B2 · utility

3Cited by

5References

17Claims

0Family size

Assignee

KOREA ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY · KR

Inventors

Sung Won Yi · Yongin-si, KR
Hwa-Shin Moon · Daejeon, KR
Young Chan Shin · Daejeon, KR
Jin Tae Oh · Daejeon, KR

Key dates

Filing date	Nov 29, 2007
Grant date	Nov 22, 2011
Priority date	—
Expiry date	Jul 11, 2030

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/56
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Provided is a method and apparatus for generating a network attack signature capable of generating a signature having a high reliability while minimizing a whitelist used to prevent false positive. An application header and application data are separated from each other to measure byte distributions of the application header and the application data from an input packet. When an attack signature is generated by analyzing the measured byte distributions, a substring of the application data is used to generate the attack signature, and a substring of the application header is used as supporting information on the signature.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.