Determining blocking measures for processing communication traffic anomalies

US 7,523,494 B2
Filed: 02/05/2004
Issued: 04/21/2009
Est. Priority Date: 02/05/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for processing communication traffic, said method comprising:

detecting an anomaly in communication traffic within a communication network;

in response to a detection of an anomaly occurred in said communication traffic, applying a blocking measure A, a blocking measure A &

B, and a blocking measure A &

!B to said communication traffic for stopping said anomaly;

determining whether or not said anomaly reoccurs after said blocking measure A &

B has been temporarily removed;

in response to a determination that said anomaly does not reoccur, canceling said block measure A &

B from being applied to said communication traffic and enforcing said blocking measure A &

!B on said communication traffic;

in response to a determination that said anomaly reoccurs, reimposing said blocking measure A &

B on said communication traffic and temporarily removing said blocking measure A &

!B from said communication traffic;

determining whether or not said anomaly reoccurs after said blocking measure A &

!B had been temporarily removed;

in response to a determination that said anomaly does not reoccur, canceling said block measure A &

!B from being applied to said communication traffic and enforcing said blocking measure A &

B on said communication traffic; and

in response to a determination that said anomaly reoccurs, reimposing said block measure A on said communication traffic.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communication traffic is processed by detecting an anomaly in the communication traffic. A first blocking measure A is applied to the anomalous traffic that stops the anomalous traffic. A second blocking measure is determined such that application of a logical combination of the first blocking measure A and the second blocking measure to the anomalous traffic stops the anomalous traffic.

33 Citations

View as Search Results

4 Claims

1. A method for processing communication traffic, said method comprising:
- detecting an anomaly in communication traffic within a communication network;
  
  in response to a detection of an anomaly occurred in said communication traffic, applying a blocking measure A, a blocking measure A &
  
  B, and a blocking measure A &
  
  !B to said communication traffic for stopping said anomaly;
  
  determining whether or not said anomaly reoccurs after said blocking measure A &
  
  B has been temporarily removed;
  
  in response to a determination that said anomaly does not reoccur, canceling said block measure A &
  
  B from being applied to said communication traffic and enforcing said blocking measure A &
  
  !B on said communication traffic;
  
  in response to a determination that said anomaly reoccurs, reimposing said blocking measure A &
  
  B on said communication traffic and temporarily removing said blocking measure A &
  
  !B from said communication traffic;
  
  determining whether or not said anomaly reoccurs after said blocking measure A &
  
  !B had been temporarily removed;
  
  in response to a determination that said anomaly does not reoccur, canceling said block measure A &
  
  !B from being applied to said communication traffic and enforcing said blocking measure A &
  
  B on said communication traffic; and
  
  in response to a determination that said anomaly reoccurs, reimposing said block measure A on said communication traffic.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said blocking measure A &
    - !B is a less restrictive blocking measure than said blocking measure A &
      
      B.
  - 3. The method of claim 1, wherein said detecting further includes detecting a pattern in a value of at least one protocol field associated with said communication traffic.
  - 4. The method of claim 1, wherein said detecting further includes detecting whether or not a flow rate of said anomalous traffic has exceeded a predetermined threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Himberger, Kevin, Jeffries, Clark D.
Primary Examiner(s)
KIM, JUNG W

Application Number

US10/774,140
Publication Number

US 20050177870A1
Time in Patent Office

1,902 Days
Field of Search

None
US Class Current

726/13
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1441 Countermeasures against mal...

Determining blocking measures for processing communication traffic anomalies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Determining blocking measures for processing communication traffic anomalies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links