
Compound attack detection in a computer network

  • US 8,209,756 B1
  • Filed: 01/27/2005
  • Issued: 06/26/2012
  • Est. Priority Date: 02/08/2002
  • Status: Active Grant
First Claim

1. A method comprising:

  • presenting, with a network device, a user interface to define a compound attack definition for detecting a network attack identified by ordered occurrences in a packet flow of both at least one pattern and at least one protocol anomaly, wherein the at least one pattern identifies a binary pattern associated with a network attack that is different from the at least one protocol anomaly, and wherein the user interface includes a first input to select the at least one pattern, a second input to select the at least one protocol anomaly, and a third input that specifies an order in which the at least one pattern and the at least one protocol anomaly must occur in the packet flow for the compound attack definition to determine that the packet flow constitutes the network attack;

  • receiving, with the network device, input data selecting the at least one protocol anomaly, the at least one pattern and the order via the respective first, second and third inputs of the user interface to define the compound attack definition for detecting the network attack;

  • applying, with the network device, the compound attack definition to a packet flow of a computer network to determine whether the packet flow constitutes the network attack in that the packet flow includes both of the at least one pattern and the at least one protocol anomaly in the order specified by the compound attack definition; and

  • selectively discarding, with the network device, the packet flow based on the determination of whether the packet flow constitutes the network attack.
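The ordered pattern-plus-anomaly matching that the claim describes, as an added Python example that is not part of the patent or of any product implementing it. The packet model (a bare payload), the `request_line_too_long` anomaly check, the `EVIL-MARKER` byte pattern and the sample packets are all constructed assumptions for illustration; the point shown is that the definition only fires when every element occurs in the configured order, and that a flow is kept or discarded on that basis.

```python
from dataclasses import dataclass
from typing import Callable, List, Union
Packet = bytes  # constructed, simplified packet: the application payload only

@dataclass
class Pattern:  # binary pattern element: matches when the bytes appear in a packet
    signature: bytes
    def matches(self, pkt: Packet) -> bool:
        return self.signature in pkt

@dataclass
class ProtocolAnomaly:  # protocol anomaly element: a predicate over a packet
    name: str
    check: Callable[[Packet], bool]
    def matches(self, pkt: Packet) -> bool:
        return self.check(pkt)

@dataclass
class CompoundAttackDefinition:
    """Ordered elements; a flow matches only if every element occurs in this order."""
    ordered_elements: List[Union[Pattern, ProtocolAnomaly]]

    def matches_flow(self, flow: List[Packet]) -> bool:
        idx = 0  # index of the next element that still has to be observed
        for pkt in flow:
            # Only the next expected element is tested: out-of-order hits do not count, one packet may satisfy several in a row.
            while idx < len(self.ordered_elements) and self.ordered_elements[idx].matches(pkt):
                idx += 1
        return idx == len(self.ordered_elements)

def selectively_discard(defn: CompoundAttackDefinition, flows: List[List[Packet]]):
    """Apply the definition to each flow; return (kept, discarded)."""
    kept, discarded = [], []
    for flow in flows:
        (discarded if defn.matches_flow(flow) else kept).append(flow)
    return kept, discarded

def request_line_too_long(pkt: Packet, limit: int = 64) -> bool:
    """Hypothetical anomaly check: HTTP request line longer than `limit` bytes."""
    line = pkt.split(b"\r\n", 1)[0]
    return line.startswith((b"GET ", b"POST ")) and len(line) > limit

# Constructed definition: the anomaly must occur before the placeholder pattern.
DEMO = CompoundAttackDefinition([
    ProtocolAnomaly("http-request-line-too-long", request_line_too_long),
    Pattern(b"EVIL-MARKER"),  # constructed placeholder, not a real signature
])
LONG_GET = b"GET /" + b"A" * 80 + b" HTTP/1.1\r\nHost: h\r\n\r\n"  # constructed packets
NORMAL_GET = b"GET / HTTP/1.1\r\nHost: h\r\n\r\n"
MARKED = b"data EVIL-MARKER data"
```

A flow containing the pattern but no anomaly, or the two in the wrong order, is kept; only the ordered pair is discarded.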
