×

METHOD AND SYSTEM FOR NETWORK CONNECTION CHAIN TRACEBACK USING NETWORK FLOW DATA

  • US 20150256555A1
  • Filed: 03/02/2015
  • Published: 09/10/2015
  • Est. Priority Date: 03/07/2014
  • Status: Active Grant
First Claim
Patent Images

1. A method for network connection chain traceback in a traceback system for a network attack, the method comprising:

  • (A) searching, by one or more respective trace agents distributed on a network, a network session including a trace address included in finger printing information as a destination address by referring to a database for network flow information to generate finger printing information in which a source address of the searched session is substituted with the trace address; and

    (B) searching, by the respective trace agents, the network flow information including the substituted finger printing information by referring to the database to generate new finger printing information including a corresponding destination address of the searched network flow information as the trace address and generate an attack connection chain list further including an ID for a corresponding network session in addition to an ID for the previous network session.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×