PROACTIVE CONTAINMENT OF NETWORK SECURITY ATTACKS
Abstract
One embodiment disclosed relates to a method of proactive containment of network security attacks. Filtering parameters corresponding to a specific system vulnerability are determined. These parameters are distributed to network infrastructure components, and the network infrastructure components examine packets using these parameters to detect occurrence of an attack. Once an attack is detected, the network infrastructure components take action to inhibit the attack. Other embodiments are also disclosed.
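The containment step the abstract and claims describe, as an added Python sketch (not code from the patent): a component receives filtering parameters, tracks each flow's progress through the predetermined sequence, and blocks only the packets that complete it. The packet fields, the `PARAMS` layout and the hold-then-release buffering are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed filtering parameters (placeholder vulnerability, assumed fields).
PARAMS = {"id": "VULN-PLACEHOLDER", "sequence": [
    {"dport": 8080, "flags": "S"},
    {"dport": 8080, "payload_prefix": b"\x00\x01"},
    {"dport": 8080, "payload_prefix": b"\xff\xff"},
]}

def matches(pkt, cond):
    """True if the packet satisfies every field of one sequence step."""
    for key, want in cond.items():
        if key == "payload_prefix":
            if not pkt.get("payload", b"").startswith(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

class SequenceFilter:
    """Hold packets that advance the sequence; discard on completion, else release."""
    def __init__(self, params):
        self.seq = params["sequence"]
        self.held = defaultdict(list)            # flow -> packets held so far
    def process(self, pkt):
        """Return the packets to transmit through the port now."""
        flow = (pkt["src"], pkt["dst"])
        held = self.held[flow]
        if matches(pkt, self.seq[len(held)]):
            held.append(pkt)
            if len(held) == len(self.seq):       # full sequence: contain it
                del self.held[flow]
            return []
        released, self.held[flow] = held, []     # sequence broken: release in order
        if matches(pkt, self.seq[0]):            # packet may start a new sequence
            self.held[flow].append(pkt)
            return released
        return released + [pkt]

def run(packets, params=PARAMS):
    f, out = SequenceFilter(params), []
    for p in packets:
        out.extend(f.process(p))
    return out

# Constructed traffic: flow A sends the full sequence; B and C are benign.
SAMPLE = [dict(src=s, dst="S", dport=d, flags=f, payload=p) for s, d, f, p in [
    ("A", 8080, "S", b""), ("B", 8080, "S", b""), ("A", 8080, "PA", b"\x00\x01ab"),
    ("B", 8080, "PA", b"GET /"), ("A", 8080, "PA", b"\xff\xffxy"), ("C", 22, "S", b"")]]
```

Holding packets until the sequence resolves adds latency and per-flow state, so a deployed component would bound the hold with a timeout and a buffer limit; neither is modelled here.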
26 Claims
1. A method of proactive containment of network security attacks, the method comprising:
- determining filtering parameters corresponding to a specific system vulnerability; and
- distributing said parameters to network infrastructure components,
- wherein the network infrastructure components are configured to examine received packets using said parameters to identify whether the packets include a predetermined sequence of packets that signal an detest occurrence of an attack against the specific system vulnerability;
- wherein the network infrastructure components are further configured to take action to inhibit the detected attack, and
- wherein the action to inhibit the attack comprises preventing the packets arranged in the predetermined sequence of packets from being transmitted through a network port, while permitting other packets to be transmitted without interruption.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A system of proactive containment of network security attacks, the system comprising:
- a processor; and
- a storage device on which is stored machine-readable instructions to cause the processor to;
  - determine network filtering parameters corresponding to a specific system vulnerability; and
  - distribute said parameters to network infrastructure components, wherein the network infrastructure components are to;
    - examine received packets using said parameters to identify whether the received packets include a predetermined sequence of packets that signal an occurrence of an attack against the specific system vulnerability; and
    - take action to inhibit the detected attack, the action being to prevent the received packets arranged in the predetermined sequences of packets from being transmitted through a network port, while permitting other received packets to be transmitted without interruption.

19. A network infrastructure component to proactively contain network security attacks, the network infrastructure component comprising:
- a processor; and
- a storage device on which is stored machine-readable instructions to cause the processor to;
  - receive and store network filtering parameters corresponding to a specific system vulnerability;
  - examine received packets using said parameters to detect whether the received packets include a predetermined sequence of packets that signal an occurrence of an attack against the specific system vulnerability; and
  - prevent the received packets arranged in the predetermined sequence of packets from being transmitted through a network port, while permitting other packets to be transmitted without interruption.

Dependent claims: 20, 21, 22, 23, 24

25. A method of protecting against a known malicious attack on a system, the method comprising:
- analyzing the known attack to determine an identifying behavior;
- determining filtering parameters corresponding to the identifying behavior;
- distributing said filtering parameters to network infrastructure components; and
- filtering received packets using said parameters to detect whether the received packets include the predetermined sequence of packets and inhibit the attack by preventing the received packets arranged in the predetermined sequence of packets from being transmitted through a network port, while permitting other packets to be transmitted without interruption.

26. A network infrastructure component to proactively contain network security attacks, the network infrastructure component comprising:
- a processor; and
- a storage device on which is stored machine-readable instructions to cause the processor to;
  - receive network filtering parameters corresponding to behavior of a known attack, wherein the network filtering parameters comprise a predetermined sequence of packets; and
  - examine received packets using said parameters to detect whether the received packets include the predetermined sequence of packets and to prevent the packets arranged in the predetermined sequences of packets in the received packets from being transmitted through a network port, while permitting other received packets to be transmitted without interruption.

Specification