DETECTION OF NETWORK ADDRESS SPOOFING AND FALSE POSITIVE AVOIDANCE
Abstract
A method for detection of network address spoofing and false positive avoidance in a network is described herein. The network may include one or more hosts and a network management system. The network management system may identify a suspicious host in the network. A condition indicative of network address spoofing by the suspicious host may be detected. It may be determined whether the spoofing condition is expected in normal traffic of the network. In response to a determination that the spoofing condition is expected, it is determined that the suspicious host generated normal traffic.
20 Claims
1. A method for detection of network address spoofing and false positive avoidance in a network, the network including one or more hosts and a network management system, the method comprising:
- identifying a suspicious host in the network by the network management system;
- detecting a condition indicative of network address spoofing by the suspicious host;
- determining whether the condition is expected in normal traffic of the network; and
- determining the suspicious host generated normal traffic in response to determining the condition is expected.
11. A system for detection of network address spoofing in a network, the network including one or more hosts and a plurality of network devices, the system comprising:
- a processor; and
- a memory coupled to the processor, the memory configured to store an electronic document;
- wherein the processor is configured to:
  - identify a suspicious host in the network by the network management system;
  - detect a condition indicative of network address spoofing by the suspicious host;
  - determine whether the condition is expected in normal traffic of the network; and
  - determine the suspicious host generated normal traffic in response to determining the condition is expected.
15. A computer-readable medium storing a plurality of instructions for detection of network address spoofing and false positive avoidance in a network, the network including one or more hosts and a network management system, the plurality of instructions comprising:
- instructions that cause the data processor to identify a suspicious host in the network by the network management system;
- instructions that cause the data processor to detect a condition indicative of network address spoofing by the suspicious host;
- instructions that cause the data processor to determine whether the condition is expected in normal traffic of the network; and
- instructions that cause the data processor to determine the suspicious host generated normal traffic in response to determining the condition is expected.
Specification