Security attack detection and defense
First Claim
1. A method of detecting an attack on an authentication service, said method comprising:
- storing data relating to a plurality of requests communicated to an authentication service from a plurality of user agents via a data communication network, searching the stored data based on a query variable to identify at least one of the plurality of the requests communicated from at least one of the plurality of the user agents, and comparing the stored data associated with each of the identified requests with a predefined pattern characterizing an attack to determine when the identified request indicates the characterized attack on the authentication service.
2 Assignments
0 Petitions
Accused Products
Abstract
Detecting an attack on an authentication service. A first memory area is configured to store data relating to a plurality of requests communicated to an authentication service from a plurality of user agents. A second memory area is configured to store a predefined pattern of one or more requests. The predefined pattern characterizes an attack. A processor searches the stored data as a function of a query variable to identify at least one of the plurality of the requests communicated from at least one of the plurality of the user agents and compares the stored data associated with each of the identified requests with the predefined pattern to determine whether the identified request indicates the attack characterized by the predefined pattern. Other aspects of the invention are directed to computer-readable media for use with detecting the attack on the authentication service.
207 Citations
40 Claims
-
1. A method of detecting an attack on an authentication service, said method comprising:
-
storing data relating to a plurality of requests communicated to an authentication service from a plurality of user agents via a data communication network, searching the stored data based on a query variable to identify at least one of the plurality of the requests communicated from at least one of the plurality of the user agents, and comparing the stored data associated with each of the identified requests with a predefined pattern characterizing an attack to determine when the identified request indicates the characterized attack on the authentication service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A system of detecting an attack on an authentication service, said system comprising:
-
a first memory area to store data relating to a plurality of requests communicated to an authentication service from a plurality of user agents via a data communication network, said data being stored in the first memory area as a log of the authentication service;
a second memory area to store a predefined pattern of one or more requests, said predefined pattern characterizing an attack on the authentication service; and
a processor configured to execute computer-executable instructions to;
search the stored data as a function of a query variable to identify at least one of the plurality of the requests communicated from at least one of the plurality of the user agents, compare the stored data associated with each of the identified requests with the predefined pattern, and determine whether the identified request indicates the attack characterized by the predefined pattern. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A user authentication system comprising:
-
a first memory area to store data relating to a plurality of requests communicated from a plurality of user agents;
a second memory area to store a predefined pattern of one or more requests, said predefined pattern characterizing an attack; and
a processor configured to execute computer-executable instructions to;
search the stored data based on a query variable to generate a result set that identifies at least one of the plurality of the requests communicated from at least one of the plurality of the user agents, and compare each of the identified requests with the predefined pattern to determine if the characterized attack has occurred. - View Dependent Claims (27, 28, 29, 30, 31, 32)
-
-
33. One or more computer-readable media having computer-executable components for detecting an attack on an authentication service, said computer-readable media comprising:
-
a memory component to store data relating to a plurality of requests communicated to an authentication service from a plurality of user agents via a data communication network, a query component to search the stored data as a function of a query variable to identify at least one of the plurality of the requests communicated from at least one of the plurality of the user agents, and an analyzing component to compare the stored data associated with each of the identified requests with a predefined pattern characterizing an attack to determine when the identified request indicates the characterized attack on the authentication service. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
-
Specification