Operating a communication network through use of blocking measures for responding to communication traffic anomalies
Abstract
A communication network is operated by detecting an anomaly in the communication traffic at a plurality of nodes in a communication network. A first blocking measure A is independently applied at respective ones of the plurality of nodes to the anomalous traffic that stops the anomalous traffic. A second blocking measure B is independently determined at the respective ones of the plurality of nodes such that application of a logical combination of the first blocking measure A and the second blocking measure B to the anomalous traffic stops the anomalous traffic.
27 Claims
1. A method of operating a communication network, comprising:
autonomously monitoring communication traffic at a communication port for an anomalous traffic;
detecting an anomaly in communication traffic at a plurality of nodes in the communication network, wherein the anomaly is an attack other than a worm or virus;
independently applying, at respective ones of the plurality of nodes, a first blocking measure A to the anomalous traffic that stops the anomalous traffic;
independently determining, at the respective ones of the plurality of nodes, a second blocking measure B such that application of a logical combination of the first blocking measure A and the second blocking measure B stops the anomalous traffic;
applying a logical combination of A and the second blocking measure B given by (A & !B) to the anomalous traffic, wherein the logical combination (A & !B) is a less restrictive blocking measure than a logical combination (A & B); and
enforcing the logical combination (A & !B), if the logical combination (A & !B) stops the anomalous traffic.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of operating a communication network, comprising:
detecting an anomaly in communication traffic at a plurality of nodes in the communication network;
synchronously applying, at respective ones of the plurality of nodes, a first blocking measure A to the anomalous traffic that stops the anomalous traffic;
synchronously determining, at the respective ones of the plurality of nodes, a second blocking measure B such that application of a logical combination of the first blocking measure A and the second blocking measure B stops the anomalous traffic;
applying a logical combination of A and the second blocking measure B given by (A & !B) to the anomalous traffic, wherein the logical combination (A & !B) is a less restrictive blocking measure than a logical combination (A & B); and
enforcing the logical combination (A & !B), if the logical combination (A & !B) stops the anomalous traffic.
10. A system for operating a communication network, comprising:
a processor;
program means executing on the processor including;
means for autonomously monitoring communication traffic at a communication port for an anomalous traffic;
means for detecting an anomaly in communication traffic at a plurality of nodes in the communication network, wherein the anomaly is an attack other than a worm or virus;
means for independently applying, at respective ones of the plurality of nodes, a first blocking measure A to the anomalous traffic that stops the anomalous traffic;
means for independently determining, at the respective ones of the plurality of nodes, a second blocking measure B such that application of a logical combination of the first blocking measure A and the second blocking measure B stops the anomalous traffic;
means for applying a logical combination of A and the second blocking measure B given by (A & !B) to the anomalous traffic, wherein the logical combination (A & !B) is a less restrictive blocking measure than a logical combination (A & B); and
means for enforcing the logical combination (A & !B), if the logical combination (A & !B) stops the anomalous traffic.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A system for operating a communication network, comprising:
means for detecting an anomaly in communication traffic at a plurality of nodes in the communication network;
means for synchronously applying, at respective ones of the plurality of nodes, a first blocking measure A to the anomalous traffic that stops the anomalous traffic;
means for synchronously determining a second blocking measure B at the respective ones of the plurality of nodes such that application of a logical combination of the first blocking measure A and the second blocking measure B stops the anomalous traffic;
means for applying a logical combination of A and the second blocking measure B given by (A & !B) to the anomalous traffic, wherein the logical combination (A & !B) is a less restrictive blocking measure than a logical combination (A & B); and
means for enforcing the logical combination (A & !B), if the logical combination (A & !B) stops the anomalous traffic.
19. A computer program product for operating a communication network, comprising:
a tangible computer storage medium having computer readable program code embodied therein, the computer readable program code comprising;
computer readable program code configured to autonomously monitor communication traffic at a communication port for an anomalous traffic;
computer readable program code configured to detect an anomaly in communication traffic at a plurality of nodes in the communication network, wherein the anomaly is an attack other than a worm or virus;
computer readable program code configured to independently apply, at respective ones of the plurality of nodes, a first blocking measure A to the anomalous traffic that stops the anomalous traffic;
computer readable program code configured to independently determine at the respective ones of the plurality of nodes a second blocking measure B such that application of a logical combination of the first blocking measure A and the second blocking measure B stops the anomalous traffic;
computer readable program code configured to apply a logical combination of A and the second blocking measure B given by (A & !B) to the anomalous traffic, wherein the logical combination (A & !B) is a less restrictive blocking measure than a logical combination (A & B); and
computer readable program code configured to enforce the logical combination (A & !B), if the logical combination (A & !B) stops the anomalous traffic.
Dependent claims: 20, 21, 22, 23, 24, 25, 26
27. A computer program product for operating a communication network, comprising:
a tangible computer storage medium having computer readable program code embodied therein, the computer readable program code comprising;
computer readable program code configured to detect an anomaly in communication traffic at a plurality of nodes in the communication network;
computer readable program code configured to synchronously apply, at respective ones of the plurality of nodes, a first blocking measure A to the anomalous traffic that stops the anomalous traffic;
computer readable program code configured to synchronously determine at the respective ones of the plurality of nodes a second blocking measure B such that application of a logical combination of the first blocking measure A and the second blocking measure B stops the anomalous traffic;
computer readable program code configured to apply a logical combination of A and the second blocking measure B given by (A & !B) to the anomalous traffic, wherein the logical combination (A & !B) is a less restrictive blocking measure than a logical combination (A & B); and
computer readable program code configured to enforce the logical combination (A & !B), if the logical combination (A & !B) stops the anomalous traffic.
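The per-node decision recited in the independent claims, sketched as an added example that is not code from the patent. The port-80 rule used for A, the trusted-subnet rule used for B, the labelled sample packets, and the fallback to A alone when (A & !B) lets the anomaly through are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample traffic per node: (source IP, destination port, anomalous?)
NODE_TRAFFIC = {
    "node1": [("203.0.113.7", 80, True), ("203.0.113.9", 80, True),
              ("192.0.2.10", 80, False), ("198.51.100.4", 443, False)],
    "node2": [("192.0.2.66", 80, True), ("192.0.2.10", 80, False)],
}

def measure_a(pkt):
    """First blocking measure A (assumed): match all traffic to port 80."""
    return pkt[1] == 80

def measure_b(pkt):
    """Second blocking measure B (assumed): match sources in one subnet."""
    return ip_address(pkt[0]) in ip_network("192.0.2.0/24")

def a_and_not_b(pkt):
    """The combination (A & !B): block what A matches unless B also matches."""
    return measure_a(pkt) and not measure_b(pkt)

def stops_anomaly(rule, packets):
    """A rule stops the anomalous traffic if every anomalous packet is blocked."""
    return all(rule(p) for p in packets if p[2])

def collateral(rule, packets):
    """Count legitimate packets that the rule would also block."""
    return sum(1 for p in packets if not p[2] and rule(p))

def choose_rule(packets):
    """Apply A, trial (A & !B), and enforce it only if the anomaly stays stopped."""
    if not stops_anomaly(measure_a, packets):
        raise ValueError("measure A must stop the anomalous traffic first")
    if stops_anomaly(a_and_not_b, packets):
        return "A & !B", a_and_not_b
    return "A", measure_a  # assumed fallback: keep the original measure

def run_all():
    """Each node decides independently from its own observed traffic."""
    result = {}
    for node, packets in NODE_TRAFFIC.items():
        name, rule = choose_rule(packets)
        result[node] = (name, collateral(rule, packets))
    return result

if __name__ == "__main__":
    print(run_all())
```

On node1 the relaxed rule still blocks the anomaly and drops no legitimate packet, while on node2 the anomalous source falls inside B, so the node keeps A and accepts the collateral block.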
Specification