System and method to protect a webserver against application exploits and attacks
First Claim
1. A method of protecting, from packet data communication exploits, a target computer server system having a request handling interface that responds to a data processing request of a packet data communication, the method comprising:
- receiving over a data communication network a plurality of data processing requests;
- identifying as being anomalous, by an automated anomaly analyzer, a first data processing request of the plurality of data processing requests, the first data processing request having been transmitted by a first packet data protocol sending device, wherein in response to the identifying as being anomalous, the automated anomaly analyzer:
  (1) directs the first data processing request to a first diagnostic instrumented module configured to provide virtualization of the request handling interface in processing the first data processing request and to determine an anomaly severity of the first data processing request, and
  (2) performs a second data processing comprising:
    (a) transmitting, to the first packet data protocol remote sending device, a packet data protocol redirect request for accessing the target computer server system,
    (b) transmitting, to the first packet data protocol sending device, a response to the first data processing request at a reduced content data byte per second rate compared with the rate of the response to the second data processing request, and
    (c) transmitting, to the first packet data protocol sending device, a response including invoking code requesting additional data from a network server resource other than the first packet data protocol sending device; and
- identifying as being non-anomalous, by the automated anomaly analyzer, a second data processing request of the plurality of data processing requests, wherein in response to the identifying as being non-anomalous, the automated anomaly analyzer transmits the second data processing request to the target computer server system.
Abstract
A method and a system of protecting a target computer server system from packet data communication exploits are described. Such a method may include: identifying a first data processing request as being anomalous, and in response: (1) directing the first data processing request to a first diagnostic instrumented module that provides virtualization of a target server or request handling interface and determines an anomaly severity of the first data processing request, and (2) transmitting to the sender of the first data processing request a packet data protocol redirect request for accessing the target computer server system, or slow-walking a response to the sender. A packet data communication exploit suspect may be determined based on the processing of the first data processing request by the first diagnostic instrumented module. The first diagnostic instrumented module may be a virtual server or a container virtualizing the server.
427 Citations
71 Claims
- 1. Independent claim 1 is reproduced in full under First Claim above. View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- 26. A method of protecting from packet data communication exploits, a target computer server system having a request handling interface that responds to a data processing request of a packet data communication, the method comprising:
  - receiving over a data communication network a plurality of data processing requests;
  - identifying as being non-anomalous, by an automated anomaly analyzer, a second data processing request of the plurality of data processing requests, wherein in response to the identifying as being non-anomalous, the automated anomaly analyzer transmits the second data processing request to the target computer server system;
  - identifying as being anomalous, by the automated anomaly analyzer, a first data processing request of the plurality of data processing requests, the first data processing request having been transmitted by a first packet data protocol sending device, wherein in response to the identifying as being anomalous, the automated anomaly analyzer:
    (1) directs the first data processing request to a diagnostic instrumented module configured to provide virtualization of the request handling interface in processing the first data processing request and to determine an anomaly severity of the first data processing request, and
    (2) performs a second data processing comprising:
      (a) transmitting, to the first packet data protocol remote sending device, a packet data protocol redirect request for accessing the target computer server system,
      (b) transmitting a response, to the first packet data protocol sending device, at a reduced content data byte per second rate compared with the rate of the response to the non-anomalous request, and
      (c) transmitting, to the first packet data protocol sending device, a response including invoking code requesting additional data from a network server resource other than the first packet data protocol sending device.
  View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- 39. A method of protecting from packet data communication exploits, a target computer server system having a request handling interface that responds to a data processing request of a packet data communication, the method comprising:
  - receiving over a data communication network a plurality of data processing requests;
  - identifying as being non-anomalous, by an automated anomaly analyzer, a second data processing request of the plurality of data processing requests, wherein in response to the identifying as being non-anomalous, the automated anomaly analyzer transmits the second data processing request to the target computer server system;
  - identifying as being anomalous, by the automated anomaly analyzer, a first data processing request of the plurality of data processing requests, the first data processing request having been transmitted by a first packet data protocol sending device, wherein in response to the identifying as being anomalous, the automated anomaly analyzer:
    (1) directs the first data processing request to a diagnostic instrumented module configured to provide virtualization of the request handling interface in processing the first data processing request and to determine an anomaly severity of the first data processing request, and
    (2) the second data processing further performing:
      (a) transmitting, to the first packet data protocol remote sending device, a packet data protocol redirect request for accessing the target computer server system,
      (b) transmitting, to the first packet data protocol sending device, a response to the first data processing request at a reduced content data byte per second rate compared with the rate of the response to the second data processing request, and
      (c) transmitting, to the first packet data protocol sending device, a response including invoking code requesting additional data from a network server resource other than the first packet data protocol sending device,
    wherein a response to the non-anomalous request requesting a same data as the data requested by the first data processing request is free of the invoking code.
  View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- 67. A system configured to protect a target computer server system against packet data communication exploits, the target computer server system having a request handling interface that responds to a data processing request of a packet data communication received over a data communication network from a first packet data protocol sending device, the system comprising:
  - a network interface configured to receive over the data communication network a plurality of data processing requests;
  - an automated anomaly analyzer configured to identify as being anomalous a first data processing request of the plurality of data processing requests, the first data processing request having been transmitted by the first packet data protocol sending device; and
  - the automated anomaly analyzer configured to identify as being non-anomalous, a second data processing request of the plurality of data processing requests and, in response to the identifying the second data processing request as being non-anomalous, the automated anomaly analyzer transmits the second data processing request to the target computer server system for preparing a response to the second data processing request,
  wherein in response to the identifying the first data processing request as being anomalous, the automated anomaly analyzer:
    (1) directs the first data processing request to a first diagnostic instrumenter configured to provide virtualization of the request handling interface in processing the first data processing request, and
    (2) performs a second processing comprising:
      (a) transmitting, to the first packet data protocol remote sending device, a packet data protocol redirect request for accessing the target computer server system,
      (b) transmitting, to the first packet data protocol sending device, a response to the first data processing request at a reduced content data byte per second rate compared with the rate of the response to the second data processing request, and
      (c) transmitting, to the first packet data protocol sending device, a response including invoking code requesting additional data from a network server resource other than the first packet data protocol sending device,
    wherein the response to the second data processing request requesting a same data as the data requested by the first data processing request is free of the invoking code.
  View Dependent Claims (68, 69, 70, 71)
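The control flow shared by the independent claims above (normal requests go straight to the protected interface; anomalous ones go to an instrumented virtual copy for a severity score and receive a redirect, a rate-reduced response, and a response carrying invoking code that fetches from a separate resource), as an added Python example that is not the patent's own code. The request and response classes, the toy signature rule, the redirect location, the 64 bytes-per-second throttle and the external resource URL are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

EXTERNAL_RESOURCE = "https://diag.example.invalid/probe.js"  # assumed "other" network resource
SUSPICIOUS = re.compile(r"(\.\./|<script|union\s+select|%00)", re.I)  # constructed toy rule

@dataclass
class Request:
    client: str       # the sending device
    path: str
    query: str = ""

@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)
    byte_rate: float = 0.0   # 0 = full rate; otherwise a bytes-per-second throttle

def target_server(req: Request) -> Response:
    """The protected request handling interface: serves the real content."""
    return Response(200, f"<html><body>content for {req.path}</body></html>")

def diagnostic_module(req: Request) -> int:
    """Instrumented virtualization of the interface: processes the request in
    isolation and returns an anomaly severity (0-3) rather than real content."""
    return min(3, len(SUSPICIOUS.findall(req.path + "?" + req.query)))

def scheduled_chunks(resp: Response, chunk: int = 16) -> list:
    """Pace a throttled response as (seconds from start, chunk) pairs."""
    data = resp.body.encode()
    pieces = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    delay = chunk / resp.byte_rate if resp.byte_rate else 0.0
    return [(i * delay, p) for i, p in enumerate(pieces)]

def analyzer(req: Request) -> dict:
    """Non-anomalous -> target server unchanged (no invoking code). Anomalous ->
    diagnostic module for severity, plus the three claimed responses."""
    if not SUSPICIOUS.search(req.path + "?" + req.query):
        return {"anomalous": False, "responses": [target_server(req)]}
    severity = diagnostic_module(req)
    real = target_server(req).body
    redirect = Response(302, "", {"Location": f"/landing?orig={req.path}"})
    slowed = Response(200, real, byte_rate=64.0)   # trickle at 64 bytes per second
    invoking = Response(200, real.replace(
        "</body>", f'<script src="{EXTERNAL_RESOURCE}"></script></body>'))
    return {"anomalous": True, "severity": severity,
            "responses": [redirect, slowed, invoking]}
```

Note that the non-anomalous path never touches the invoking code, which is the "free of the invoking code" condition in claims 39 and 67; scheduled_chunks only computes the pacing so the throttle can be checked without sleeping.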
Specification