Systems and methods for point of ingress traceback of a network attack
Abstract
An apparatus (520) for archiving signatures associated with packets received at a node in a network includes a first memory (620), a second memory (625), a signature tap (610), a multiplexer (615), and a controller (630). The signature tap (610) receives packets at the node and computes one or more signatures for each of the received packets. The multiplexer (615) aggregates the computed one or more signatures in the first memory (620) to produce one or more signature vectors. The controller (630) archives the one or more signature vectors in the second memory (625).
32 Claims
1. A method, comprising:
- receiving packets at the node;
- computing one or more signatures for each of the received packets;
- aggregating the computed one or more signatures in a first memory to produce one or more signature vectors, wherein the computed one or more signatures are aggregated over a collection interval R;
- archiving the one or more signature vectors in a second memory;
- providing the archived one or more signature vectors to an agent for determining a point of ingress for the packet when it entered a network; and
- randomly zeroing out a fraction of the one or more signature vectors that are older than P seconds.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An apparatus for archiving signatures associated with packets received at a node in a network, comprising:
- a first memory;
- a second memory;
- a signature tap configured to:
  - receive packets at the node;
  - compute one or more signatures for each of the received packets;
- a multiplexer configured to:
  - aggregate, over a collection interval R, the computed one or more signatures in the first memory to produce one or more signature vectors; and
- a controller configured to:
  - archive the one or more signature vectors in the second memory; and
  - randomly zero out a fraction of the one or more signature vectors that are older than P seconds.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A system, comprising:
- a first memory;
- a second memory;
- one or more signature taps configured to:
  - receive packets at the node, and
  - compute one or more signatures for each of the received packets;
- a multiplexer configured to:
  - use each of the one or more signatures as addresses for addressing bit locations in the first memory,
  - set memory bits in the addresses of the first memory corresponding to each of the one or more signatures; and
- a controller configured to archive a signature vector comprising a block of memory bits from the first memory in the second memory.
24. A system, comprising:
- a first memory;
- a second memory;
- a signature tap to determine at least one signature for each packet of a plurality of received packets;
- a multiplexer to store, over a collection interval, the determined at least one signature for each of the plurality of received packets in the first memory to produce a signature vector that comprises a block of a plurality of signatures for at least a portion of the plurality of received packets; and
- a controller configured to archive the signature vector in the second memory after an expiration of the collection interval.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32
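The archiving scheme of claims 1 and 23 can be modelled in software as follows. This is an added example, not code from the patent: the salted SHA-256 signature function, the vector size, the class and method names, and the reading of "zeroing out a fraction" as clearing whole archived vectors are all assumptions.

```python
import hashlib
import random

VECTOR_BITS = 1 << 12  # constructed size of the first memory, in bits

def signatures(packet: bytes, k: int = 3) -> list[int]:
    """k bit addresses per packet (assumed: salted SHA-256, truncated)."""
    return [int.from_bytes(hashlib.sha256(bytes([i]) + packet).digest()[:4], "big")
            % VECTOR_BITS for i in range(k)]

class SignatureArchiver:  # hypothetical name, not from the patent
    def __init__(self, R: float, P: float, fraction: float, seed: int = 0):
        self.R, self.P, self.fraction = R, P, fraction
        self.first = bytearray(VECTOR_BITS // 8)   # first memory: live vector
        self.start = 0.0                           # start of current interval
        self.archive = []                          # second memory: [start, vector]
        self.rng = random.Random(seed)

    def receive(self, packet: bytes, now: float) -> None:
        self._roll(now)
        for s in signatures(packet):               # signature used as bit address
            self.first[s >> 3] |= 1 << (s & 7)

    def _roll(self, now: float) -> None:
        """Archive the live vector once collection interval R has expired."""
        while now - self.start >= self.R:
            self.archive.append([self.start, bytes(self.first)])
            self.first = bytearray(VECTOR_BITS // 8)
            self.start += self.R

    def age(self, now: float) -> int:
        """Zero a random fraction of archived vectors older than P seconds."""
        old = [e for e in self.archive if now - e[0] > self.P and any(e[1])]
        victims = self.rng.sample(old, int(len(old) * self.fraction))
        for e in victims:
            e[1] = bytes(VECTOR_BITS // 8)
        return len(victims)

    def seen(self, packet: bytes, now: float) -> list[float]:
        """Interval start times whose archived vector may contain the packet."""
        self._roll(now)
        sigs = signatures(packet)
        return [t for t, v in self.archive
                if all(v[s >> 3] & (1 << (s & 7)) for s in sigs)]
```

A match from `seen` is probabilistic (unrelated packets can set the same bits), and a vector cleared by `age` can no longer confirm any packet from its interval.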
Specification