VERIFYING NETWORK ATTACK DETECTOR EFFECTIVENESS
Abstract
In one embodiment, a device receives a classifier tracking request from a coordinator device that specifies a classifier verification time period. During the classifier verification time period, the device classifies a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device. The device generates classification results based on the classified set of network traffic and provides the classification results to the coordinator device.
30 Claims
1. A method, comprising:
- receiving, at a device in a network, a classifier tracking request from a coordinator device that specifies a classifier verification time period;
- classifying, by the device and during the classifier verification time period, a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device;
- generating, by the device, classification results based on the classified set of network traffic; and
- providing, by the device, the classification results to the coordinator device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method, comprising:
- identifying, by a coordinator device in a network, a type of network attack;
- determining, by the coordinator device, a verification schedule during which an attack classifier executed by a device in the network is to be tested;
- coordinating, by the coordinator device, an attack detection test for the attack classifier for execution during the verification schedule and for the identified type of network attack;
- receiving, at the coordinator device, results of the attack detection test from the device; and
- evaluating, by the coordinator device, a performance of the attack classifier based on the results of the attack detection test.

Dependent claims: 10, 11, 12, 13, 14, 15

16. An apparatus, comprising:
- one or more network interfaces to communicate with a network;
- a processor coupled to the network interfaces and configured to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to:
  - receive a classifier tracking request from a coordinator device that specifies a classifier verification time period;
  - classify, during the classifier verification time period, a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device;
  - generate classification results based on the classified set of network traffic; and
  - provide the classification results to the coordinator device.

Dependent claims: 17, 18, 19, 20, 21, 22, 23

24. An apparatus, comprising:
- one or more network interfaces to communicate with a network;
- a processor coupled to the network interfaces and configured to execute one or more processes; and
- a memory configured to store a process executable by the processor, the process when executed operable to:
  - identify a type of network attack;
  - determine a verification schedule during which an attack classifier executed by a device in the network is to be tested;
  - coordinate an attack detection test for the attack classifier for execution during the verification schedule and for the identified type of network attack;
  - receive results of the attack detection test from the device; and
  - evaluate a performance of the attack classifier based on the results of the attack detection test.

Dependent claims: 25, 26, 27, 28, 29, 30
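
The exchange in claims 1 and 9, sketched as an added example that is not taken from the patent or any product: the device classifies observed plus coordinator-specified attack traffic inside the verification period, and the coordinator scores the returned results. The message fields, the rate-threshold classifier, the two metrics and all sample flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    ts: float                 # arrival time in seconds
    pkts_per_s: int
    injected: bool = False    # True only for coordinator-specified attack traffic

@dataclass(frozen=True)
class TrackingRequest:        # hypothetical message layout
    start: float              # classifier verification time period
    end: float
    attack_flows: tuple       # attack traffic specified by the coordinator

def classify(flow, threshold=1000):
    """Stand-in classifier (assumption): flag high-rate flows as attack."""
    return flow.pkts_per_s >= threshold

def run_verification(req, observed):
    """Device side: classify observed + specified attack traffic in the period."""
    window = [f for f in list(observed) + list(req.attack_flows)
              if req.start <= f.ts <= req.end]
    return [(f.injected, classify(f)) for f in window]

def evaluate(results):
    """Coordinator side: score the classifier from the returned results.
    Assumption: observed traffic is treated as benign ground truth, so a real
    attack inside the period would be counted as a false positive."""
    tp = sum(1 for inj, hit in results if inj and hit)
    fn = sum(1 for inj, hit in results if inj and not hit)
    fp = sum(1 for inj, hit in results if not inj and hit)
    tn = sum(1 for inj, hit in results if not inj and not hit)
    return {
        "detection_rate": tp / (tp + fn) if tp + fn else None,
        "false_positive_rate": fp / (fp + tn) if fp + tn else None,
    }

# Constructed sample data: five observed flows, four specified attack flows.
OBSERVED = [Flow(5, 120), Flow(12, 300), Flow(18, 1500), Flow(25, 90), Flow(40, 200)]
ATTACK = (Flow(11, 5000, True), Flow(15, 800, True),
          Flow(20, 2500, True), Flow(35, 4000, True))
REQUEST = TrackingRequest(start=10, end=30, attack_flows=ATTACK)

if __name__ == "__main__":
    print(evaluate(run_verification(REQUEST, OBSERVED)))
```

The low-rate injected flow at `ts=15` is missed by the threshold classifier, which is the kind of gap a scheduled verification run is meant to surface.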