
Systems and methods for IP source address spoof detection

  • US 10,594,706 B2
  • Filed: 03/24/2017
  • Issued: 03/17/2020
  • Est. Priority Date: 01/27/2017
  • Status: Active Grant
First Claim

1. A method for detecting an attack on a network device, the method comprising:

  • aggregating a plurality of source Internet Protocol (IP) addresses included in a plurality of communications received at an interface device to a network;

  • creating a classifier comprising at least one decision tree defining a range of source IP addresses of the received plurality of communications, wherein the range of source IP addresses identifies which source IP addresses are not suspect;

  • verifying the classifier, wherein verifying the classifier comprises:

      • applying, to the classifier, a second plurality of source IP addresses from a second plurality of communications;

      • calculating a value resulting from applying, to the classifier, the second plurality of source IP addresses from the second plurality of communications to determine whether the second plurality of source IP addresses are within the range of source IP addresses defined by the classifier;

  • receiving a communication comprising a particular source IP address;

  • applying the particular source IP address to the at least one decision tree of the classifier to determine if the particular source IP address is within the range of source IP addresses defined by the classifier;

  • when the particular source IP address is not within the range of source IP addresses defined by the classifier, determining that the communication is a suspect communication; and

  • executing a mitigating procedure on the suspect communication.
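
The steps of claim 1 can be read as the following sketch, which is an added example and not the patent's own implementation. The gap-merging heuristic, the `max_gap` value, all function names and the sample addresses (taken from documentation ranges) are assumptions made for illustration.

```python
import ipaddress

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def learn_ranges(ips, max_gap=256):
    """Aggregate observed sources into [lo, hi] ranges (max_gap is an assumed knob)."""
    ranges = []
    for v in sorted({to_int(ip) for ip in ips}):
        if ranges and v - ranges[-1][1] <= max_gap:
            ranges[-1][1] = v          # close enough: extend the current range
        else:
            ranges.append([v, v])      # too far: start a new range
    return [tuple(r) for r in ranges]

def build_tree(ranges):
    """Balanced decision tree; each node tests the address against one range."""
    if not ranges:
        return None
    mid = len(ranges) // 2
    lo, hi = ranges[mid]
    return {"lo": lo, "hi": hi,
            "left": build_tree(ranges[:mid]), "right": build_tree(ranges[mid + 1:])}

def in_range(tree, ip):
    """Walk the tree; True when the address falls inside a learned range."""
    v, node = to_int(ip), tree
    while node:
        if v < node["lo"]:
            node = node["left"]
        elif v > node["hi"]:
            node = node["right"]
        else:
            return True
    return False

def verify(tree, ips):
    """Verification value: fraction of a second sample inside the learned ranges."""
    return sum(in_range(tree, ip) for ip in ips) / len(ips) if ips else 0.0

def handle(tree, ip):
    """Out-of-range sources are suspect and go to a mitigation path."""
    return "forward" if in_range(tree, ip) else "mitigate"

# Constructed sample data, not real traffic.
TRAIN = ["198.51.100.10", "198.51.100.20", "198.51.100.200", "203.0.113.5", "203.0.113.77"]
HOLDOUT = ["198.51.100.50", "203.0.113.40", "203.0.113.60", "192.0.2.9"]
TREE = build_tree(learn_ranges(TRAIN))

if __name__ == "__main__":
    print("verification value:", verify(TREE, HOLDOUT))
    for ip in ("198.51.100.99", "10.1.2.3"):
        print(ip, handle(TREE, ip))
```

A low verification value on the second sample indicates the learned ranges are too narrow for the interface's normal traffic and the classifier should be rebuilt before it is used to drive mitigation.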
