System and method for anti-network terrorism
Abstract
Protecting a host network from a flood-type denial of service attack by passively collecting a data packet from data received by the host network, comparing information in the data packet to a signature of an attack type of the attack, and detecting the attack in response to a determination that the signature and the information comprise matching data. A defensive countermeasure can be initiated to protect the host network from the attack and to provide a pathway for an offensive countermeasure against a source of the attack.
70 Claims
1. A computer-implemented method for protecting a host network from a flood-type denial of service attack, comprising the steps of:
passively collecting a data packet from data received by the host network, the data packet comprising information indicating the attack;
comparing the information in the data packet to a signature of an attack type of the attack to determine whether the information and the signature comprise matching data; and
detecting the attack in response to a determination that the signature and the information comprise matching data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 28, 29
15. A computer-implemented method for protecting a host network from attack, comprising the steps of:
passively collecting a plurality of data packets from data received by the host network;
comparing information in respective data packets to determine if any pair of the data packets comprise similar information; and
detecting the attack in response to a determination that the pair of data packets comprise similar information.
27. A computer-implemented method for protecting a host network from attack, comprising the steps of:
detecting the attack based on a load capacity of the host network; and
initiating a defensive countermeasure to protect the host network from the attack in response to detection of the attack.
30. A computer-implemented method for generating a signature of a network attack type, the attack type corresponding to a flood-type denial of service attack comprising a plurality of data packets, said method comprising the steps of:
examining information included in each of the plurality of data packets;
identifying a repetitive pattern in the information of at least two of the plurality of data packets; and
storing the repetitive pattern as a signature of the attack type.
Dependent claims: 31, 32
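
One possible reading of claims 30 and 1 as code, added here as an illustration and not taken from the patent: a header field joins the signature when a single value dominates the sampled packets, and detection is an exact match on every stored field. The packet field names, the 0.9 share threshold, the signature name and the sample addresses (documentation ranges) are assumptions.

```python
from collections import Counter

# Constructed sample: six packets of a SYN flood against 192.0.2.10:80 with
# varying sources. Field names are assumptions; the claims do not name fields.
FLOOD = [
    {"src_ip": f"198.51.100.{i}", "src_port": 1024 + i, "dst_ip": "192.0.2.10",
     "dst_port": 80, "proto": "TCP", "flags": "S", "length": 40}
    for i in range(1, 7)
]

def generate_signature(packets, min_share=0.9, min_fields=2):
    """Claim 30 reading: return {field: value} for fields whose value repeats
    across the packets, or None when too few fields repeat to be usable."""
    if len(packets) < 2:
        return None  # a repetitive pattern needs at least two packets
    signature = {}
    fields = set().union(*(p.keys() for p in packets))
    for field in sorted(fields):
        values = Counter(p.get(field) for p in packets)
        value, count = values.most_common(1)[0]
        # Keep the field only if one value repeats and dominates the sample.
        if value is not None and count >= 2 and count / len(packets) >= min_share:
            signature[field] = value
    return signature if len(signature) >= min_fields else None

def matches(packet, signature):
    """Claim 1 reading: every signature field has the same value in the packet."""
    return all(packet.get(f) == v for f, v in signature.items())

def detect(packets, signature_db):
    """Return the names of stored signatures matched by any collected packet."""
    return sorted({name for name, sig in signature_db.items()
                   for p in packets if matches(p, sig)})

# Hypothetical signature store keyed by attack-type name.
SIGNATURE_DB = {"syn-flood-sample": generate_signature(FLOOD)}
```

The derived signature drops the varying source fields but would also match any legitimate 40-byte SYN to the same service, so a match is better combined with a rate or load condition (as in claim 27) than treated as a verdict on its own.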
33. A computer-implemented method for countering a flood-type denial of service network attack from a single source, the attack comprising an attacking data packet and the network comprising a host router, said method comprising the steps of:
reading an attacking source IP address from the attacking data packet; and
preventing an incoming data packet comprising the attacking source IP address from entering the host network through the host router.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41
42. A computer-implemented method for countering a flood-type denial of service network attack from multiple sources, the attack comprising a plurality of attacking data packets and the network comprising a host router, said method comprising the steps of:
reading an attack target IP address from one of the plurality of attacking data packets; and
preventing an incoming data packet having the attack target IP address from entering the host network through the host router.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51
52. A system for protecting a host network from a flood-type denial of service attack, the host network comprising a host router, said system comprising:
an interface, coupled to the host router, operable for communicating data packets to and from the host router;
a database operable for storing a signature for an attack type of the attack, the attack type comprising a plurality of data packets;
a packet sniffing module operable for collecting a data packet from data received by the host router, the data packet comprising information indicating the attack; and
a decision module operable for detecting the attack by determining whether the information in the data packet matches the signature stored in the database.
Dependent claims: 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63
64. A system for protecting a host network from a flood-type denial of service attack, the host network comprising a host router, said system comprising:
an interface, coupled to the host router, operable for communicating data packets to and from the host router;
a packet sniffing module operable for collecting a plurality of data packets from data received by the host router; and
a decision module operable for detecting the attack by comparing information in respective data packets to determine if any pair of data packets comprise similar information.
Dependent claims: 65, 66, 67, 68, 69, 70