System, method and program for identifying and preventing malicious intrusions
Abstract
Computer system, method and program product for identifying a malicious intrusion. A first number of different destination IP addresses, a second number of different destination ports and a third number of different signatures of messages, are identified from a source IP address during a predetermined period. A determination is made that in one or more other such predetermined periods the source IP address sent messages having the first number of different destination IP addresses, the second number of different destination ports and the third number of different signatures. Based on the determination that in the one or more other such predetermined periods the source IP address sent messages having the first number of different destination IP addresses, the second number of different destination ports and the third number of different signatures, a determination is made that the messages are characteristic of a malicious intrusion.
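The counting and comparison described in the abstract, as an added example that is not taken from the patent. Events are assumed to be (timestamp, source IP, destination IP, destination port, signature ID) tuples; the 60-second period, the function names and the sample data are constructed for illustration.

```python
from collections import defaultdict

PERIOD_SECONDS = 60  # assumed length of the "predetermined period"

def period_profiles(events, period=PERIOD_SECONDS):
    """Map src_ip -> {period_index: (n_dst_ips, n_dst_ports, n_signatures)}."""
    seen = defaultdict(lambda: defaultdict(lambda: (set(), set(), set())))
    for ts, src, dst_ip, dst_port, sig in events:
        ips, ports, sigs = seen[src][int(ts // period)]
        ips.add(dst_ip)
        ports.add(dst_port)
        sigs.add(sig)
    return {src: {p: tuple(len(s) for s in sets) for p, sets in periods.items()}
            for src, periods in seen.items()}

def repeating_sources(events, period=PERIOD_SECONDS, other_periods=1):
    """Return {src_ip: (profile, [period indexes])} for sources whose count
    triple from one period recurs in at least `other_periods` other periods."""
    flagged = {}
    for src, profiles in period_profiles(events, period).items():
        by_profile = defaultdict(list)
        for idx, profile in sorted(profiles.items()):
            by_profile[profile].append(idx)
        for profile, idxs in by_profile.items():
            if len(idxs) >= 1 + other_periods:
                flagged[src] = (profile, idxs)  # first recurring profile wins
                break
    return flagged

def sample_events():
    """Constructed sample input, not real traffic."""
    scanner, other = "203.0.113.7", "192.0.2.50"
    events = []
    for p in range(3):  # same (3, 2, 1) profile in periods 0, 1 and 2
        for i in range(3):
            events.append((p * 60 + 5 * i, scanner,
                           f"198.51.100.{3 * p + i + 1}", 22 + i % 2, "sig-1001"))
    events.append((10, other, "198.51.100.9", 443, "sig-2002"))   # period 0: (1, 1, 1)
    events.append((70, other, "198.51.100.9", 443, "sig-2002"))   # period 1
    events.append((80, other, "198.51.100.10", 80, "sig-2002"))   # period 1: (2, 2, 1)
    return events

if __name__ == "__main__":
    print(repeating_sources(sample_events()))
```

Applied literally, the test also matches a host that sends the same steady traffic every period (for example a (1, 1, 1) profile), so the result is a candidate list rather than a verdict.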
9 Claims
1. A method for identifying a malicious intrusion, said method comprising the steps of:
determining a first number of different destination IP addresses, a second number of different destination ports and a third number of different signatures of messages, from a source IP address during a predetermined period; and
determining that in one or more other such predetermined periods said source IP address sent messages having said first number of different destination IP addresses, said second number of different destination ports and said third number of different signatures.
4. A system for identifying a malicious intrusion, said system comprising:
means for determining a first number of different destination IP addresses, a second number of different destination ports and a third number of different signatures of messages, from a source IP address during a predetermined period; and
means for determining that in one or more other such predetermined periods said source IP address sent messages having said first number of different destination IP addresses, said second number of different destination ports and said third number of different signatures.
7. A computer program product for identifying a malicious intrusion, said computer program product comprising:
a computer readable medium;
first program instructions to determine a first number of different destination IP addresses, a second number of different destination ports and a third number of different signatures of messages, from a source IP address during a predetermined period; and
second program instructions to determine that in one or more other such predetermined periods said source IP address sent messages having said first number of different destination IP addresses, said second number of different destination ports and said third number of different signatures; and
wherein said first and second program instructions are stored on said medium.
Specification