Patent · US Active

Identifying source of malicious network messages

US9455995B2 · kind B2 · utility

Cited by: 0
References: 25
Claims: 9
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 26, 2015
Grant date: Sep 27, 2016
Priority date
Expiry date: Oct 26, 2035

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/146
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

System, method and program for identifying a subset of a multiplicity of source networks. The subset includes one or more source networks which have sent messages to one of a plurality of destination locations having the same IP address. For each of the multiplicity of source networks, a determination is made whether there are fewer intervening hops from the source network to the one destination location than from the source network to the others of the plurality of destination locations. If so, the source network is included in the subset. If not, the source network is not included in the subset. One application of the present invention is to identify a source of a denial of service attack. After the subset is identified, filters can be sequentially applied to block messages from respective source networks in the subset to determine which source network in the subset is sending the messages.
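The selection and filtering steps in the abstract, sketched as an added example that is not code from the patent or its assignee. The hop-count table, the network and site names, and the `attack_continues` probe are all constructed assumptions; a tie in hop count is treated as "not fewer", so that source is left out of the subset.

```python
from typing import Callable, Dict, List, Optional, Set

# Constructed sample data: intervening hops from each source network to each
# destination location that shares the same IP address.
HOPS: Dict[str, Dict[str, int]] = {
    "AS-A": {"site-east": 3, "site-west": 7},
    "AS-B": {"site-east": 6, "site-west": 2},
    "AS-C": {"site-east": 4, "site-west": 4},  # tie: not strictly closer
    "AS-D": {"site-east": 2, "site-west": 9},
}


def candidate_sources(hops: Dict[str, Dict[str, int]], target: str) -> List[str]:
    """Return source networks with fewer hops to `target` than to every
    other destination location (the subset described in the abstract)."""
    subset = []
    for source, per_site in hops.items():
        to_target = per_site[target]
        others = [h for site, h in per_site.items() if site != target]
        if all(to_target < h for h in others):
            subset.append(source)
    return subset


def isolate_sender(candidates: List[str],
                   attack_continues: Callable[[Set[str]], bool]) -> Optional[str]:
    """Apply a filter to one candidate at a time. `attack_continues` is a
    hypothetical probe: it reports whether malicious messages still reach
    the target while the given networks are blocked."""
    for source in candidates:
        if not attack_continues({source}):
            return source  # blocking this network stopped the messages
    return None  # no single candidate accounts for the traffic


def simulated_probe(true_sender: str) -> Callable[[Set[str]], bool]:
    """Stand-in for a live measurement, for demonstration only."""
    return lambda blocked: true_sender not in blocked


if __name__ == "__main__":
    subset = candidate_sources(HOPS, "site-east")
    print("candidates:", subset)
    print("sender:", isolate_sender(subset, simulated_probe("AS-D")))
```

Only two of the four networks need a filter trial here, which is the point of narrowing by hop count first.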

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.