Patent · US Active

Detecting past intrusions and attacks based on historical network traffic information

US9485262B1 · kind B1 · utility

Cited by: 14
References: 4
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 28, 2014
Grant date: Nov 1, 2016
Priority date
Expiry date: Feb 6, 2035

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1433
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.
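The retrospective matching the abstract describes (signature to vulnerable configuration, to endpoint, to the identifier that endpoint used in the window, to retained traffic), as an added worked example that is not code from the patent; the record types, field names and sample history below are constructed assumptions, and the address reuse in the sample shows why the identifier must be resolved per time period rather than globally.

```python
import re
from collections import namedtuple
from datetime import datetime

Signature = namedtuple("Signature", "name vulnerable_config pattern")  # config attacked, regex on traffic
Interval = namedtuple("Interval", "endpoint value start end")           # one config or address history row
Flow = namedtuple("Flow", "ts dst payload")                             # one retained traffic record

def overlap(a, b):
    """Time window in which both history rows held for the same endpoint, or None."""
    if a.endpoint != b.endpoint:
        return None
    start, end = max(a.start, b.start), min(a.end, b.end)
    return (start, end) if start < end else None

def find_past_intrusions(sig, config_history, id_history, flows):
    """Return (endpoint, identifier, timestamp) for every retained flow that matched
    sig while its destination endpoint was running the vulnerable configuration."""
    hits = []
    for cfg in config_history:                      # which endpoints were vulnerable, and when
        if not sig.vulnerable_config.items() <= cfg.value.items():
            continue
        for ident in id_history:                    # which identifier each one used in that window
            w = overlap(cfg, ident)
            if w is None:
                continue
            for f in flows:                         # apply the signature only inside the window
                if f.dst == ident.value and w[0] <= f.ts < w[1] and sig.pattern.search(f.payload):
                    hits.append((cfg.endpoint, ident.value, f.ts))
    return hits

# Constructed sample history (not from the patent). Address 10.0.0.5 belonged to
# laptop-1 until Jan 6 and to laptop-2 afterwards, so the identifier alone is ambiguous.
D = datetime.fromisoformat
SIG = Signature("constructed-httpd-probe", {"service": "httpd", "version": "2.4.1"},
                re.compile(r"User-Agent: ConstructedScanner/0\.1"))
CONFIGS = [Interval("laptop-1", {"service": "httpd", "version": "2.4.1"}, D("2014-01-01"), D("2014-01-10")),
           Interval("laptop-1", {"service": "httpd", "version": "2.4.2"}, D("2014-01-10"), D("2014-02-01")),
           Interval("laptop-2", {"service": "httpd", "version": "2.4.1"}, D("2014-01-01"), D("2014-02-01"))]
ADDRS = [Interval("laptop-1", "10.0.0.5", D("2014-01-01"), D("2014-01-06")),
         Interval("laptop-1", "10.0.0.9", D("2014-01-06"), D("2014-02-01")),
         Interval("laptop-2", "10.0.0.5", D("2014-01-06"), D("2014-02-01"))]
FLOWS = [Flow(D("2014-01-03"), "10.0.0.5", "GET / HTTP/1.1\r\nUser-Agent: ConstructedScanner/0.1"),
         Flow(D("2014-01-04"), "10.0.0.5", "GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0"),
         Flow(D("2014-01-08"), "10.0.0.5", "GET / HTTP/1.1\r\nUser-Agent: ConstructedScanner/0.1"),
         Flow(D("2014-01-15"), "10.0.0.9", "GET / HTTP/1.1\r\nUser-Agent: ConstructedScanner/0.1")]

def demo():
    """laptop-1 is hit on Jan 3 and laptop-2 on Jan 8; the Jan 15 probe reached laptop-1 after its reconfiguration."""
    return find_past_intrusions(SIG, CONFIGS, ADDRS, FLOWS)
```

The Jan 8 flow to 10.0.0.5 is attributed to laptop-2, not laptop-1, because the address history places it with laptop-2 during that window.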

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.