Patent · US Active

Identifying source of malicious network messages

US9191396B2 · kind B2 · utility

Cited by: 1
References: 24
Claims: 12
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 8, 2005
Grant date: Nov 17, 2015
Priority date
Expiry date: Sep 17, 2034

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/146
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

System, method and program for identifying a subset of a multiplicity of source networks, the subset including one or more source networks which have sent messages to one of a plurality of destination locations having the same IP address. For each of the multiplicity of source networks, a determination is made whether there are fewer intervening hops from the source network to the one destination location than from the source network to the others of the plurality of destination locations. If so, the source network is included in the subset. If not, the source network is not included in the subset. One application of the present invention is to identify a source of a denial of service attack. After the subset is identified, filters can be sequentially applied to block messages from respective source networks in the subset to determine which source network in the subset is sending the messages.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.