Mitigating network attacks using automatic signature generation
First Claim
1. A computer-implemented method for mitigating attacks of malicious traffic in a computer network, comprising:
- receiving a set of attack sequences, comprising first traffic sequences suspected of containing the malicious traffic;
- analyzing the attack sequences so as to automatically extract a regular expression that matches at least a portion of the attack sequences in the set; and
- comparing second traffic sequences to the regular expression in order to identify the second traffic sequences that contain the malicious traffic.
Abstract
A computer-implemented method for mitigating attacks of malicious traffic in a computer network includes receiving a set of attack sequences, including first traffic sequences suspected of containing the malicious traffic, analyzing the attack sequences so as to automatically extract a regular expression that matches at least a portion of the attack sequences in the set, and comparing second traffic sequences to the regular expression in order to identify the second traffic sequences that contain the malicious traffic.
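The three steps in the abstract (receive suspected attack sequences, extract a regular expression, compare further traffic against it) can be sketched as follows. This is an added example, not the patent's method or code: the extraction strategy (invariant byte runs shared by every sequence, joined by wildcards), the function names and the sample payloads are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

MIN_TOKEN = 4   # assumption: shared runs shorter than this are too generic to keep
GAP = None      # marks variable content between invariant tokens

def refine(template, seq):
    """Keep only the runs of `template` that also occur, in order, in `seq`."""
    sm = SequenceMatcher(None, template, list(seq), autojunk=False)
    out = []
    for m in sm.get_matching_blocks():
        if m.size >= MIN_TOKEN:
            out += template[m.a:m.a + m.size] + [GAP]
    return out

def extract_signature(attacks):
    """Return a compiled regex that matches every attack sequence, or None."""
    if not attacks:
        return None
    template = list(attacks[0])
    for seq in attacks[1:]:
        template = refine(template, seq)
    tokens, run = [], []
    for item in template + [GAP]:
        if item is GAP:
            if len(run) >= MIN_TOKEN:
                tokens.append(bytes(run))
            run = []
        else:
            run.append(item)
    if not tokens:
        return None  # nothing invariant: no usable signature
    return re.compile(b".*?".join(re.escape(t) for t in tokens), re.DOTALL)

def flag(traffic, sig):
    """Return the traffic sequences that the signature identifies."""
    return [t for t in traffic if sig.search(t)]

# Constructed sample data: suspected attack sequences and known-good traffic.
TAIL = b"&pad=QQQQQQQQ HTTP/1.1\r\nUser-Agent: flood/1.0\r\n\r\n"
ATTACKS = [b"GET /search?q=" + q + TAIL for q in (b"zz19", b"k3", b"mmm770")]
BENIGN = [b"GET /search?q=shoes HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
          b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n"]

if __name__ == "__main__":
    sig = extract_signature(ATTACKS)
    print(sig.pattern)
    # Check for false positives on known-good traffic before filtering with it.
    print("benign flagged:", len(flag(BENIGN, sig)))
```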
84 Claims
1. A computer-implemented method for mitigating attacks of malicious traffic in a computer network, comprising:
- receiving a set of attack sequences, comprising first traffic sequences suspected of containing the malicious traffic;
- analyzing the attack sequences so as to automatically extract a regular expression that matches at least a portion of the attack sequences in the set; and
- comparing second traffic sequences to the regular expression in order to identify the second traffic sequences that contain the malicious traffic.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 65, 66, 67
22. Apparatus for mitigating attacks of malicious traffic in a computer network, comprising:
- a guard device, wherein the guard device is adapted to receive a set of attack sequences, comprising first traffic sequences suspected of containing the malicious traffic, to analyze the attack sequences so as to automatically extract a regular expression that matches at least a portion of the attack sequences in the set, and to compare second traffic sequences to the regular expression in order to identify the second traffic sequences that contain the malicious traffic.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42
43. A computer software product for mitigating attacks of malicious traffic in computer networks, the product comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to receive a set of attack sequences, comprising first traffic sequences suspected of containing the malicious traffic, to analyze the attack sequences so as to automatically extract a regular expression that matches at least a portion of the attack sequences in the set, and to compare second traffic sequences to the regular expression in order to identify the second traffic sequences that contain the malicious traffic.
64. Apparatus for mitigating attacks of malicious traffic in a computer network, comprising:
- means for receiving a set of attack sequences, comprising first traffic sequences suspected of containing the malicious traffic;
- means for analyzing the attack sequences so as to automatically extract a regular expression that matches at least a portion of the attack sequences in the set; and
- means for comparing second traffic sequences to the regular expression in order to identify the second traffic sequences that contain the malicious traffic.
Dependent claims: 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84
Specification