PROTECTING AGAINST AND LEARNING ATTACK VECTORS ON WEB ARTIFACTS

  • US 20200137084A1
  • Filed: 10/25/2018
  • Published: 04/30/2020
  • Est. Priority Date: 10/25/2018
  • Status: Active Grant
First Claim
1. A system comprising:

  • a processor; and

    memory configured to store one or more sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of protecting against attacks to web files hosted on a web server by:

    performing a plurality of monitoring tasks by a service processor, the service processor being hosted by a baseboard management controller (BMC) and independent of a central processing unit (CPU) of the web server, the plurality of monitoring tasks comprising:

    receiving a plurality of packets forming access requests made to the web files;

    determining that a packet is suspicious when a source Internet Protocol (IP) address associated with the packet is not on a whitelist or a blacklist;

    updating a learning block with information about each suspicious packet, the information comprising a signature associated with the suspicious packet, a source IP address associated with the suspicious packet, and a time indicating when the suspicious packet arrived;

    updating a counter indicating a number of times a packet with the signature of the suspicious packet was received;

    forwarding the suspicious packet to the web server when the counter is below a threshold;

    not forwarding the suspicious packet to the web server when the counter is above the threshold; and

    upon not forwarding the suspicious packet, analyzing the suspicious packet in conjunction with other packets previously determined to be suspicious, the analyzing comprising:

    rearranging an order in which the suspicious packet and the other suspicious packets arrived to form a new arrival sequence of the suspicious packets;

    matching the new arrival sequence of the suspicious packets to attack patterns stored in an attack pattern database; and

    upon the new arrival sequence of the suspicious packets matching an attack pattern, adding source IP addresses associated with the suspicious packets matching the attack pattern to the blacklist.
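
The monitoring steps recited in claim 1, sketched as an added Python example that is not taken from the patent. The class and method names, the string signatures, the pattern format, the reordering strategy and the handling of already-listed addresses are all assumptions made for illustration.

```python
from collections import Counter

class PacketMonitor:
    # Signature values, the pattern format and the reordering strategy are
    # assumptions made for this example; the claim does not define them.
    def __init__(self, whitelist, blacklist, attack_patterns, threshold):
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.attack_patterns = [tuple(p) for p in attack_patterns]
        self.threshold = threshold
        self.learning_block = []   # (signature, source IP, arrival time)
        self.counters = Counter()  # signature -> times received

    def handle(self, src_ip, signature, arrival_time):
        # Listed addresses: handling assumed (the claim covers unlisted sources).
        if src_ip in self.blacklist:
            return "drop"
        if src_ip in self.whitelist:
            return "forward"
        self.learning_block.append((signature, src_ip, arrival_time))
        self.counters[signature] += 1
        # The claim is silent on counter == threshold; forwarding is assumed.
        if self.counters[signature] <= self.threshold:
            return "forward"
        for pattern in self.attack_patterns:
            sequence = self.rearrange(pattern)
            if sequence is not None:  # new arrival sequence matches pattern
                self.blacklist.update(ip for _, ip, _ in sequence)
        return "hold"

    def rearrange(self, pattern):
        # Reorder recorded packets into the pattern's signature order, using
        # the earliest unused packet per step; None when a step has no packet.
        pool = sorted(self.learning_block, key=lambda rec: rec[2])
        sequence = []
        for wanted in pattern:
            hit = next((rec for rec in pool if rec[0] == wanted), None)
            if hit is None:
                return None
            pool.remove(hit)
            sequence.append(hit)
        return sequence

def demo():
    # Constructed traffic: documentation-range IPs, made-up signature labels.
    mon = PacketMonitor({"192.0.2.10"}, set(), [("probe", "login", "upload")], 2)
    traffic = [("198.51.100.7", "upload", 1), ("198.51.100.8", "probe", 2),
               ("192.0.2.10", "probe", 3), ("198.51.100.7", "login", 4),
               ("198.51.100.8", "probe", 5), ("198.51.100.8", "probe", 6)]
    return mon, [mon.handle(*pkt) for pkt in traffic]
```

In the constructed traffic the pattern's three signatures arrive out of order and from two sources; the third "probe" exceeds the threshold, is held, and the reordered sequence matches, so both source addresses are added to the blacklist.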
