Attack detection and prevention using global device fingerprinting

Assignee

• Juniper Networks, Inc. · US

Inventors

• Daniel J. Quinlan · Sunnyvale, US
• Kyle Adams · Brisbane, US
• Oskar Ibatullin · Sunnyvale, US
• Yuly Tenorio Morales · Concord, US
• Robert W. Cameron · Mountain View, US
• Bryan Burns · Portland, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/02
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes an security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.