SYSTEM AND METHOD FOR REAL-TIME REPORTING OF ANOMALOUS INTERNET PROTOCOL ATTACKS
Abstract
A system and a method for detecting anomalous attacks in Internet network flow operate by counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count; computing a running average of the number of messages that are detected as anomalous attacks; and comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average. The attacks can include at least one of spoofing attacks or denial of service attacks. A computer readable storage medium stores instructions of a computer program, which when executed by a computer system, results in performance of steps of the method.
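The count-versus-running-average comparison described in the abstract, as an added example that is not code from the patent. The multiple of 3, the five-interval window, the baseline floor, the warm-up rule and the exclusion of alarmed intervals from the average are all assumptions, and the `spoofed` flag is a constructed stand-in for the detection step.

```python
from collections import deque

class AnomalyRateAlarm:
    """Alarm when an interval's anomalous-message count exceeds a multiple of the running average."""

    def __init__(self, multiple=3.0, window=5, floor=1.0):
        self.multiple = multiple              # assumed; the text only says "a multiple"
        self.history = deque(maxlen=window)   # assumed: mean of the last `window` intervals
        self.floor = floor                    # assumed guard against a zero baseline

    def running_average(self):
        return sum(self.history) / len(self.history) if self.history else 0.0

    def observe(self, count):
        """Feed one interval's count; return (alarm, baseline used in the comparison)."""
        baseline = max(self.running_average(), self.floor)
        warmed_up = len(self.history) == self.history.maxlen
        alarm = warmed_up and count > self.multiple * baseline
        # Assumption: alarmed intervals stay out of the average, so a sustained
        # flood cannot raise its own baseline and silence later alarms.
        if not alarm:
            self.history.append(count)
        return alarm, baseline

def is_anomalous(msg):
    # Stand-in for the detection step: constructed messages carry a "spoofed" flag.
    return msg["spoofed"]

def make_interval(n_bad, n_good=20):
    # Constructed sample traffic for one counting interval.
    return [{"spoofed": True}] * n_bad + [{"spoofed": False}] * n_good

def run(counts, **kwargs):
    """Return one (count, alarm, baseline) tuple per interval."""
    detector = AnomalyRateAlarm(**kwargs)
    results = []
    for n_bad in counts:
        count = sum(1 for m in make_interval(n_bad) if is_anomalous(m))  # the counter
        results.append((count, *detector.observe(count)))
    return results

SAMPLE_COUNTS = [4, 6, 5, 5, 5, 7, 40, 45, 6]  # constructed: a burst in intervals 6 and 7

if __name__ == "__main__":
    for i, (count, alarm, baseline) in enumerate(run(SAMPLE_COUNTS)):
        print(f"interval {i}: count={count} baseline={baseline:.1f} alarm={alarm}")
```

Without the floor, a quiet baseline of zero would make any single flagged message satisfy "greater than a multiple of the running average".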
30 Claims
1. A system for monitoring Internet traffic, comprising:
a first apparatus for detecting Internet traffic messages that are recognized as anomalous attacks;
a counter for counting the Internet traffic messages that are recognized as the anomalous attacks to provide a count;
a second apparatus for computing a running average of the number of Internet traffic messages that are recognized as anomalous attacks; and
a comparator for comparing the count to the running average and to provide an anomalous attack alarm if the count is greater than a multiple of the running average.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for monitoring Internet traffic, comprising:
a processor which performs the steps of;
detecting anomalous attacks in a network flow;
counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count;
computing a running average of the number of Internet traffic messages that are detected as the anomalous attacks;
comparing the count to the running average; and
providing an anomalous attack alarm if the count is greater than a multiple of the running average.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A method for monitoring Internet traffic comprising:
receiving a network flow and detecting anomalous attacks in the network flow;
counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count;
computing a running average of the number of messages that are detected as anomalous attacks; and
comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A computer readable non-transitory storage medium storing instructions of a computer program which when executed by a computer system results in performance of steps of a method, comprising:
receiving a network flow and detecting anomalous attacks in the network flow;
counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count;
computing a running average of the number of messages that are detected as anomalous attacks; and
comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average.
Dependent claims: 30
Specification