Patent · US Active

Logging attack context data

US9917857B2 · kind B2 · utility

Cited by: 0
References: 8
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 18, 2017
Grant date: Mar 13, 2018
Priority date
Expiry date: Mar 18, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Methods and systems for improved attack context data logging are provided. According to one embodiment, prior to a logging event being triggered (i) it is determined by a network security device whether a received packet is potentially associated with a threat or undesired activity by analyzing the packet; (ii) when the determination is negative, the packet is stored within a circular buffer; and (iii) when the determination is affirmative, (a) the logging event is triggered, (b) pre-attack context information regarding the threat is captured by extracting information from packets within the circular buffer and (c) the pre-attack context information is stored within a log. After the logging event has been triggered and until information regarding a predefined quantity of packets has been logged, post-attack context information regarding the threat is captured by extracting information from subsequently received packets and the post-attack context information is stored within the log.
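The logging scheme the abstract describes, as an added Python illustration that is not the patent's own code or any vendor implementation: benign packets go into a fixed-size circular buffer, a flagged packet triggers the logging event, the buffer is drained as pre-attack context, and the next N packets are logged as post-attack context. The threat detector, buffer size, post-attack quota and the sample traffic are all constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes

def is_threat(pkt: Packet) -> bool:
    """Stand-in detector (assumption): flags a constructed marker in the payload."""
    return b"ATTACK-MARKER" in pkt.payload

class AttackContextLogger:
    def __init__(self, buffer_size: int = 4, post_count: int = 3, detector=is_threat):
        self.ring = deque(maxlen=buffer_size)  # circular buffer of recent benign packets
        self.post_count = post_count           # predefined quantity of post-attack packets
        self.detector = detector
        self.remaining_post = 0                # >0 while a logging event is still open
        self.log = []

    @staticmethod
    def _extract(pkt: Packet, phase: str) -> dict:
        # Only summary fields are extracted into the log, not the raw payload.
        return {"phase": phase, "src": pkt.src, "dst": pkt.dst, "len": len(pkt.payload)}

    def process(self, pkt: Packet) -> None:
        if self.remaining_post > 0:
            # Post-attack context: log subsequent packets until the quota is met.
            self.log.append(self._extract(pkt, "post"))
            self.remaining_post -= 1
            return
        if not self.detector(pkt):
            self.ring.append(pkt)  # oldest entry is discarded once the buffer is full
            return
        # Logging event triggered: drain the ring as pre-attack context, then the trigger.
        self.log.extend(self._extract(p, "pre") for p in self.ring)
        self.ring.clear()
        self.log.append(self._extract(pkt, "trigger"))
        self.remaining_post = self.post_count

def demo() -> AttackContextLogger:
    """Constructed traffic: 6 benign packets, one flagged packet, 5 more benign."""
    logger = AttackContextLogger(buffer_size=4, post_count=3)
    for i in range(1, 7):
        logger.process(Packet(f"10.0.0.{i}", "10.0.0.100", b"benign"))
    logger.process(Packet("203.0.113.7", "10.0.0.100", b"ATTACK-MARKER"))
    for i in range(8, 13):
        logger.process(Packet(f"10.0.0.{i}", "10.0.0.100", b"benign"))
    return logger
```

With a buffer of 4 and a post-attack quota of 3, `demo()` yields eight log entries (four pre, one trigger, three post) and leaves the two trailing benign packets in the ring buffer, ready for the next event.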

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.