Defenses against software attacks in distributed computing environments
First Claim
1. A method, including steps of:
- operating a first computing device coupled to a distributed computing environment;
- maintaining a record of a first pattern of legitimate message traffic;
- comparing a pattern of current message traffic received at the first computing device to said record of the first pattern of legitimate message traffic; and
- taking action in response to said steps of comparing, including;
- determining if the pattern of current message traffic includes attack traffic;
- operating a second computing device coupled to said distributed computing environment and disposed to receive messages from said first computing device to ameliorate said attack traffic;
- wherein the steps of taking action to ameliorate the attack traffic include steps of;
- sending information regarding said pattern of current message traffic to a logically distinct location in a network;
- comparing said information to a second pattern of message traffic at the logically distinct location; and
- determining if the second pattern of message traffic at the logically distinct location includes attack traffic and ameliorating the attack traffic.
Abstract
The invention provides apparatus and methods for defending against attacks in a distributed computing environment, including (1) distinguishing attack traffic patterns from legitimate traffic patterns; (2) responsive to nature of message patterns; (3) attack traffic has few origination points, and does not divide further from target device; (4) detectors of illegitimate traffic can cooperate to confirm the suspected attack, with the effect of providing more information to each other.
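A minimal sketch of the cooperating-detector flow in claim 1, added here as an illustration and not taken from the patent: a first detector compares its current window to a stored legitimate pattern, reports a suspicious pattern to a second detector at a distinct location, and acts only if the second detector sees the same pattern. The per-source share representation, the total-variation distance, the thresholds and all names (`Detector`, `respond`, the sample addresses) are assumptions.

```python
from collections import Counter

def pattern(sources):
    """Share of messages per origination point in one observation window."""
    counts = Counter(sources)
    total = sum(counts.values())
    return {src: n / total for src, n in counts.items()}

def distance(p, q):
    """Total-variation distance: 0.0 for identical patterns, 1.0 for disjoint."""
    return 0.5 * sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in set(p) | set(q))

class Detector:
    def __init__(self, legitimate_sources, threshold=0.4):  # threshold is assumed
        self.baseline = pattern(legitimate_sources)  # record of legitimate traffic
        self.threshold = threshold
        self.current = dict(self.baseline)

    def observe(self, sources):
        """Compare the current window to the record; True means suspected attack."""
        self.current = pattern(sources)
        return distance(self.current, self.baseline) > self.threshold

    def confirm(self, reported):
        """At the distinct location: does local traffic show the reported pattern?"""
        abnormal = distance(self.current, self.baseline) > self.threshold
        return abnormal and distance(reported, self.current) < 0.5

def respond(first, second, window):
    """Return (verdict, sources to rate-limit) for one window at the first device."""
    if not first.observe(window):
        return "legitimate", set()
    if not second.confirm(first.current):  # information sent to the peer
        return "suspected", set()
    excess = {s for s, share in first.current.items()
              if share - first.baseline.get(s, 0.0) > 0.2}  # assumed margin
    return "confirmed", excess

# Constructed sample traffic (documentation address ranges).
LEGIT = [f"192.0.2.{i}" for i in range(10)] * 10
FLOOD_A = ["203.0.113.7"] * 80 + LEGIT[:20]   # seen at the first device
FLOOD_B = ["203.0.113.7"] * 70 + LEGIT[:30]   # seen at the second device

if __name__ == "__main__":
    a, b = Detector(LEGIT), Detector(LEGIT)
    b.observe(FLOOD_B)
    print(respond(a, b, FLOOD_A))
```

When the second detector's own traffic still matches its record, `respond` returns `"suspected"` with an empty set, so a single detector's deviation alone does not trigger rate-limiting.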
11 Claims
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
Specification