ALERTING AS TO DENIAL OF SERVICE ATTACKS
First Claim
1. A system comprising:
a first server operatively coupled to a router, to receive a copy of network traffic processed by the router;
a database operatively coupled to the first server, wherein the first server receives, parses and records network traffic information onto the database; and
a device operatively coupled to the first server to receive alerts regarding possible Denial Of Service (DOS) attacks, the alerts based upon network traffic falling outside a standard deviation range.
1 Assignment
0 Petitions
Abstract
A method and a system, wherein the system comprises a first server operatively coupled to a router, to receive a copy of network traffic processed by the router, a database operatively coupled to the first server, wherein the server records parsed network traffic information onto the database, and a device operatively coupled to the first server to receive alerts regarding possible denial-of-service attacks, the alerts based upon network traffic falling outside a standard deviation range. A method that comprises receiving a data packet from a network, parsing the data packet, storing data in the fields of the data packet into a database, comparing observed data set values with historical data set values, sending an alert to a device based upon network traffic falling outside a standard deviation range, and updating the historical data set values by averaging the observed data set values with old historical data set values.
22 Claims
1. A system comprising:
a first server operatively coupled to a router, to receive a copy of network traffic processed by the router;
a database operatively coupled to the first server, wherein the first server receives, parses and records network traffic information onto the database; and
a device operatively coupled to the first server to receive alerts regarding possible Denial Of Service (DOS) attacks, the alerts based upon network traffic falling outside a standard deviation range.
Dependent claims: 2, 3, 4, 5.
6. A method comprising:
receiving a data packet from a network;
parsing the data packet into its respective fields;
storing data in the fields of the data packet into a database as an observed data set;
comparing observed data set values with historical data set values;
sending an alert to a device based upon network traffic falling outside a standard deviation range; and
updating the historical data set values by averaging the observed data set values with old historical data set values.
Dependent claims: 7 through 21.
22. A computer-readable medium having instructions stored thereon for causing a suitably programmed computer to execute a method comprising:
a first instruction set to receive a data packet from a network;
a second instruction set to parse the data packet into its respective fields;
a third instruction set to store the data in the fields of the data packet into a database as an observed data set;
a fourth instruction set to compare the observed data set with a historical data set;
a fifth instruction set to send an alert to a device; and
a sixth instruction set to update the historical data set by averaging the observed data set with an old historical data set.
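Claims 6 and 22 (and the abstract) describe one procedure: parse each packet into its fields, store them in a database as the observed data set, compare that set with the historical data set, alert when traffic falls outside a standard deviation range, and then average the observed values into the history. The Python below is an added example written for this page to show that procedure end to end; it is not code from the patent or its assignee. It assumes: packets are IPv4 over TCP; observations are grouped into numbered intervals (the claims do not say how observations are bucketed); an in-memory SQLite table stands in for the database; the history keeps an averaged mean and an averaged mean of squares per metric so that a standard deviation can be derived (the claims say only that values are averaged); a relative floor on the standard deviation so a perfectly flat baseline does not alert on any change at all; and the sample traffic, including the SYN floods, is constructed for the demo. All of these are the example's choices, not the patent's.

```python
import math
import socket
import sqlite3
import struct
from dataclasses import dataclass
from typing import Dict, List

# Header layouts for the constructed sample traffic: IPv4 and TCP without options.
IPV4 = struct.Struct("!BBHHHBBH4s4s")
TCP = struct.Struct("!HHIIBBHHH")
SYN, ACK = 0x02, 0x10


def build_packet(src: str, dst: str, sport: int, dport: int, flags: int, payload_len: int) -> bytes:
    """Constructed IPv4/TCP packet for the demo (checksums left at zero)."""
    total = IPV4.size + TCP.size + payload_len
    ip = IPV4.pack(0x45, 0, total, 0, 0x4000, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = TCP.pack(sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + b"\x00" * payload_len


def parse_packet(pkt: bytes) -> Dict[str, object]:
    """Parse a packet into its fields (claim 6, step 2). Example handles IPv4/TCP only."""
    vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = IPV4.unpack_from(pkt, 0)
    if vihl >> 4 != 4 or proto != 6:
        raise ValueError("example handles IPv4/TCP only")
    sport, dport, _seq, _ack, _off, flags, _win, _csum2, _urg = TCP.unpack_from(pkt, (vihl & 0x0F) * 4)
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "length": total_len, "sport": sport, "dport": dport,
            "syn_only": int(flags & (SYN | ACK) == SYN)}  # SYN without ACK: handshake opener


def open_db() -> sqlite3.Connection:
    """In-memory SQLite stands in for the patent's database (an assumption of this example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packets (interval_id INTEGER, src TEXT, dst TEXT, dport INTEGER,"
               " length INTEGER, syn_only INTEGER)")
    db.execute("CREATE TABLE history (metric TEXT PRIMARY KEY, mean REAL, mean_sq REAL)")
    return db


def record(db: sqlite3.Connection, interval_id: int, f: Dict[str, object]) -> None:
    """Store the parsed fields as part of the observed data set (claim 6, step 3)."""
    db.execute("INSERT INTO packets VALUES (?,?,?,?,?,?)",
               (interval_id, f["src"], f["dst"], f["dport"], f["length"], f["syn_only"]))


def observe(db: sqlite3.Connection, interval_id: int) -> Dict[str, float]:
    """Observed data set values for one interval, aggregated from the stored fields."""
    row = db.execute("SELECT COUNT(*), COALESCE(SUM(length), 0), COALESCE(SUM(syn_only), 0),"
                     " COUNT(DISTINCT src) FROM packets WHERE interval_id = ?", (interval_id,)).fetchone()
    return {"packets": row[0], "bytes": row[1], "syn_only": row[2], "distinct_src": row[3]}


@dataclass
class Alert:
    interval_id: int
    metric: str
    observed: float
    mean: float
    stddev: float


def compare_and_update(db: sqlite3.Connection, interval_id: int, observed: Dict[str, float],
                       k: float = 3.0, freeze_on_alert: bool = False) -> List[Alert]:
    """Compare observed with historical values, alert outside mean +/- k*stddev, then
    average the observed values into the history (claim 6, steps 4 to 6)."""
    alerts: List[Alert] = []
    for metric, value in observed.items():
        row = db.execute("SELECT mean, mean_sq FROM history WHERE metric = ?", (metric,)).fetchone()
        if row is None:  # no history yet: seed it, nothing to compare against
            db.execute("INSERT INTO history VALUES (?,?,?)", (metric, value, value * value))
            continue
        mean, mean_sq = row
        # Stddev derived from the averaged mean and mean of squares; the 10% floor is this
        # example's choice so a flat baseline does not alert on every tiny change.
        floor = max(1.0, 0.1 * abs(mean))
        stddev = max(math.sqrt(max(mean_sq - mean * mean, 0.0)), floor)
        if abs(value - mean) > k * stddev:
            alerts.append(Alert(interval_id, metric, value, mean, stddev))
            if freeze_on_alert:  # not in the claims: keep attack traffic out of the baseline
                continue
        db.execute("UPDATE history SET mean = ?, mean_sq = ? WHERE metric = ?",
                   ((mean + value) / 2, (mean_sq + value * value) / 2, metric))
    return alerts


def traffic(interval_id: int) -> List[bytes]:
    """Constructed traffic: ordinary intervals, with a spoofed SYN flood in intervals 5 and 7."""
    if interval_id in (5, 7):
        return [build_packet(f"172.16.0.{j}", "10.0.0.100", 1024 + j, 443, SYN, 0) for j in range(200)]
    n = 20 + interval_id % 2
    return [build_packet(f"10.0.0.{1 + j % 5}", "10.0.0.100", 40000 + j, 443,
                         SYN if j % 10 == 0 else ACK, 100) for j in range(n)]


def run_demo(freeze_on_alert: bool) -> List[Alert]:
    """Feed eight intervals through the pipeline and return every alert raised."""
    db = open_db()
    alerts: List[Alert] = []
    for interval_id in range(8):
        for pkt in traffic(interval_id):
            record(db, interval_id, parse_packet(pkt))
        alerts += compare_and_update(db, interval_id, observe(db, interval_id), freeze_on_alert=freeze_on_alert)
    return alerts


if __name__ == "__main__":
    for mode in (False, True):
        print("freeze_on_alert =", mode)
        for a in run_demo(freeze_on_alert=mode):  # "sending an alert to a device" stands in as print
            print(f"  interval {a.interval_id}: {a.metric}={a.observed:.0f} "
                  f"(mean {a.mean:.1f}, stddev {a.stddev:.1f})")
```

Running it shows the practical weakness of the update step exactly as claimed: with plain averaging, the flood in interval 5 alerts on all four metrics and is then averaged into the history, which inflates both the mean and the derived standard deviation so much that the identical flood in interval 7 raises no alert at all. With the example's `freeze_on_alert` option the history is not updated for a metric that just alerted, and interval 7 alerts again. A deployment built on this method needs some such guard against baseline poisoning by a sustained attacker.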