Dynamic comparative analysis method and apparatus for detecting and preventing code injection and other network attacks
US9479526B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Nov 13, 2014 |
| Grant date | Oct 25, 2016 |
| Priority date | — |
| Expiry date | Dec 16, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1416
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A security appliance includes a vulnerable testbed that simulates at least one known vulnerability, and a secure testbed that simulates not having that vulnerability. A testbed monitor monitors run-time behavior of the vulnerable testbed and the secure testbed, obtaining at least one run-time behavior parameter. A comparative evaluator module compares the run-time behavior parameters with respect to the received client request to determine if it is legitimate or illegitimate. The security appliance outputs its determination with a message and/or by forwarding client requests deemed legitimate and dropping client requests deemed illegitimate. The determination can be based on differences in the run-time behavior parameters. Illegitimate requests can be cached for later matching. The requests can be database data requests, XML formatted requests, operating system requests and/or other types of requests that would be differentially handled by a vulnerable server and a secure server.
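The comparison described in the abstract, sketched for database data requests as an added example; it is not code from the patent or its assignee. The SQLite schema, the function and class names, and the choice of row count and error flag as run-time behavior parameters are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("carol", 300)])
    return db

def vulnerable_query(db, name):
    # Simulates the known vulnerability: request text is spliced into the SQL.
    return db.execute(
        f"SELECT name FROM accounts WHERE name = '{name}'").fetchall()

def secure_query(db, name):
    # Simulates not having the vulnerability: request text is bound as data.
    return db.execute(
        "SELECT name FROM accounts WHERE name = ?", (name,)).fetchall()

def observe(query, db, name):
    # Testbed monitor: reduce one run to run-time behavior parameters.
    try:
        return {"rows": len(query(db, name)), "error": False}
    except (sqlite3.Error, sqlite3.Warning):
        return {"rows": 0, "error": True}

class ComparativeEvaluator:
    def __init__(self):
        # Each testbed gets its own database so runs cannot affect each other.
        self.vuln_db, self.safe_db = make_db(), make_db()
        self.illegitimate = set()  # cache of requests already judged illegitimate

    def evaluate(self, name):
        if name in self.illegitimate:
            return "drop (cached)"
        vulnerable = observe(vulnerable_query, self.vuln_db, name)
        secure = observe(secure_query, self.safe_db, name)
        if vulnerable != secure:  # testbeds diverged on this request
            self.illegitimate.add(name)
            return "drop"
        return "forward"

if __name__ == "__main__":
    appliance = ComparativeEvaluator()
    for request in ["alice", "nobody", "' OR '1'='1", "' OR '1'='1"]:
        print(repr(request), "->", appliance.evaluate(request))
```

In this sketch a benign value containing a quote, such as `o'brien`, also makes the two testbeds diverge (the vulnerable one raises a syntax error), so it is dropped as well; how to treat such requests is a policy decision for whoever deploys a comparison of this kind.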
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.