System and method for detection of network attacks
Abstract
Disclosed are systems, methods and computer program products for detection of network attacks on a protected computer. In one example, the system comprises a proxy device configured to redirect and mirror traffic directed to the protected computer; a traffic sensor configured to collect statistical information about the mirrored traffic; a data collector configured to aggregate information collected by the traffic sensor and to generate traffic filtering rules based on the aggregated statistical information; a filtering center configured to, in parallel with collection of statistical information, filter redirected traffic based on the traffic filtering rules provided by the data collector.
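The data flow in the abstract, as an added example that is not taken from the patent: a proxy loop mirrors each packet to a sensor and passes the redirected copy through a filtering center whose rules are refreshed as statistics accumulate. The choice of statistic (packets per source per time window), the rule form (a source blocklist), the threshold and all class and function names are assumptions made for illustration.

```python
from collections import Counter, namedtuple

Packet = namedtuple("Packet", "ts src")  # hypothetical minimal packet record

class TrafficSensor:
    """Collects per-source packet counts from the mirrored copy, per time window."""
    def __init__(self, window):
        self.window = window
        self.counts = Counter()  # (window index, source) -> packets seen
    def observe(self, pkt):
        self.counts[(int(pkt.ts // self.window), pkt.src)] += 1

class DataCollector:
    """Aggregates sensor statistics into filtering rules (assumed: a source blocklist)."""
    def __init__(self, max_per_window):
        self.max_per_window = max_per_window
    def rules(self, sensor):
        return {src for (_, src), n in sensor.counts.items() if n > self.max_per_window}

class FilteringCenter:
    """Filters the redirected copy with whatever rules it currently holds."""
    def __init__(self):
        self.blocked = set()
    def allow(self, pkt):
        return pkt.src not in self.blocked

def run_proxy(packets, max_per_window=5, window=1.0):
    sensor, collector, center = TrafficSensor(window), DataCollector(max_per_window), FilteringCenter()
    forwarded, dropped = [], []
    for pkt in sorted(packets):
        sensor.observe(pkt)  # mirrored copy feeds statistics
        # Redirected copy is judged by the rules that existed before this packet
        # was counted, modelling filtering that runs in parallel with collection.
        (forwarded if center.allow(pkt) else dropped).append(pkt)
        center.blocked = collector.rules(sensor)  # rule refresh
    return forwarded, dropped, center.blocked

def constructed_traffic():
    """Constructed sample: one flooding source, one ordinary client (RFC 5737 addresses)."""
    flood = [Packet(i * 0.01, "198.51.100.7") for i in range(20)]
    client = [Packet(0.05 + 0.35 * i, "203.0.113.20") for i in range(9)]
    return flood + client

if __name__ == "__main__":
    fwd, drop, blocked = run_proxy(constructed_traffic())
    print(len(fwd), "forwarded,", len(drop), "dropped, blocked:", blocked)
```

Because filtering does not wait for collection, the first packets of the flood pass before a rule exists; that gap is the detection latency to measure when tuning the window and threshold.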
20 Claims
1. A system for detection of network attacks on a protected computer, the system comprising:
- a proxy device configured to receive network traffic directed to the protected computer, redirect the received traffic to a filtering center and mirror the received traffic to a traffic sensor;
- the traffic sensor configured to collect information about the mirrored traffic;
- a data collector configured to generate, based on the collected information, traffic filtering rules for detecting network attacks on the protected computer; and
- the filtering center configured to, in parallel with collection of the information from the mirrored traffic by the traffic sensor and based on the traffic filtering rules provided by the data collector, detect, in the redirected traffic, network attacks on the protected computer and filter out from the redirected traffic network traffic associated with the detected network attacks.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer implemented method for detection of network attacks on a protected computer, the method comprising:
- receiving at a proxy device network traffic directed to the protected computer;
- redirecting by the proxy device the received network traffic to a filtering center;
- mirroring by the proxy device the received network traffic to a traffic sensor;
- analyzing the mirrored network traffic by the traffic sensor and collecting information about the mirrored network traffic;
- generating, based on the collected information, traffic filtering rules for detecting network attacks on the protected computer; and
- filtering, in parallel with collection of the information from the mirrored traffic by the traffic sensor, the redirected traffic by the filtering center using the generated filtering rules.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product embedded in a non-transitory computer-readable storage medium, the computer-readable storage medium comprising computer-executable instructions for detection of network attacks on a protected computer, the medium includes instructions for:
- receiving at a proxy device network traffic directed to the protected computer;
- redirecting by the proxy device the received network traffic to a filtering center;
- mirroring by the proxy device the received network traffic to a traffic sensor;
- analyzing the mirrored network traffic by the traffic sensor and collecting information about the mirrored network traffic;
- generating, based on the collected information, traffic filtering rules for detecting network attacks on the protected computer; and
- filtering, in parallel with collection of the information from the mirrored traffic by the traffic sensor, the redirected traffic by the filtering center using the generated filtering rules.

Dependent claims: 16, 17, 18, 19, 20
Specification