Detection of and responses to network attacks
First Claim
1. A non-transitory computer-readable medium embodying a program executable in a computing device, the program comprising:
code that monitors data communications transmitted to a target class of first computing nodes;
code that, in response to detecting a non-legitimate data communication to a computing node in the target class, determines whether the non-legitimate data communication is a form of attack on a network to which the computing nodes are connected by tracking a number of attempted data communications from a source of the non-legitimate data communication against computing nodes in the target class of computing nodes and comparing the number against a threshold value, wherein membership of the target class of first computing nodes is made up of computing nodes that are not currently allocated to users within a data center and have been previously allocated to users, the data center further comprising second computing nodes connected to the network, wherein the second computing nodes are not part of the target class;
code that, in response to determining that the network is under attack, implementing new security measures for the second computing nodes that are not part of the target class to protect the second computing nodes against the attack on the network while the attack is ongoing; and
code that receives authorization from a user of a particular second computing node before making changes to access policies of the particular second computing node as part of the new security measures.
Abstract
Disclosed are various embodiments for detecting and responding to attacks on a computer network. One embodiment of such a method describes monitoring data communications transmitted to a target class of first computing nodes; in response to detecting a non-legitimate data communication to a computing node in the target class, determining whether the non-legitimate data communication is a form of attack on a network to which the computing nodes are connected; and in response to determining that the network is under attack, implementing new security measures for second computing nodes that are not part of the target class to protect the second computing nodes against the attack on the network while the attack is ongoing.
20 Claims
1. A non-transitory computer-readable medium embodying a program executable in a computing device, the program comprising:
code that monitors data communications transmitted to a target class of first computing nodes;
code that, in response to detecting a non-legitimate data communication to a computing node in the target class, determines whether the non-legitimate data communication is a form of attack on a network to which the computing nodes are connected by tracking a number of attempted data communications from a source of the non-legitimate data communication against computing nodes in the target class of computing nodes and comparing the number against a threshold value, wherein membership of the target class of first computing nodes is made up of computing nodes that are not currently allocated to users within a data center and have been previously allocated to users, the data center further comprising second computing nodes connected to the network, wherein the second computing nodes are not part of the target class;
code that, in response to determining that the network is under attack, implementing new security measures for the second computing nodes that are not part of the target class to protect the second computing nodes against the attack on the network while the attack is ongoing; and
code that receives authorization from a user of a particular second computing node before making changes to access policies of the particular second computing node as part of the new security measures.
Dependent Claims: 2, 3
4. A system, comprising:
at least one computing device; and
a data transmission system manager executable in the at least one computing device, the data transmission system manager comprising:
logic that receives notification of a detected activity involving one or more non-legitimate data communications to a target class of first computing nodes, wherein membership of the target class of first computing nodes is made up of a subset of computing nodes within a data center;
logic that, in response to receiving the notification, determines which of a plurality of second computing nodes are vulnerable to the detected activity, wherein the plurality of second computing nodes are not members of the target class;
logic that changes security measures of the plurality of second computing nodes to protect the second computing nodes that are vulnerable to the detected activity; and
logic that restores the security measures to a previous state before the security measures were changed after the detected activity has stopped.
Dependent Claims: 5, 6, 7, 8, 9, 10, 11, 12
13. A method, comprising:
monitoring, by a hardware processing unit, data communications transmitted to a target class of first computing nodes of a data center, wherein membership of the target class of first computing nodes is made up of a subset of computing nodes within a data center;
in response to detecting a non-legitimate data communication to a computing node in the target class, determining, by the hardware processing unit, whether the non-legitimate data communication is a form of attack on a network to which the first computing nodes and a plurality of second computing nodes are connected; and
in response to determining that the network is under attack, implementing, by the hardware processing unit, new security measures for the plurality of second computing nodes that are not part of the target class to protect the second computing nodes against the attack on the network while the attack is ongoing.
Dependent Claims: 14, 15, 16, 17, 18, 19, 20
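The following is an added illustration of the detection-and-response loop the claims describe; it is not code from the patent or its assignee. It models claim 1 (a target class of nodes that are deallocated but were previously allocated, a per-source count of non-legitimate attempts against that class compared with a threshold, and owner authorization before a second node's access policy is changed) and claim 4 (deciding which second nodes are vulnerable, changing their measures, and restoring the previous state once the activity stops). Everything about the data is constructed: the node inventory, the `open_ports` attribute used as the vulnerability test, the upstream `legitimate` label on each communication, the authorization callback, and the IP addresses, which are documentation-range placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    node_id: str
    allocated: bool             # currently allocated to a user
    previously_allocated: bool  # was allocated to a user at some earlier time
    open_ports: frozenset = frozenset()  # constructed attribute used to judge exposure

    @property
    def in_target_class(self) -> bool:
        # Claim 1: target class = not currently allocated AND previously allocated
        return (not self.allocated) and self.previously_allocated


@dataclass(frozen=True)
class Communication:
    src: str
    dst: str
    port: int
    legitimate: bool  # assumed to be labelled upstream (e.g. by an ACL or session check)


class AttackDetector:
    """Counts non-legitimate attempts per source against target-class nodes only."""

    def __init__(self, nodes, threshold):
        self.nodes = nodes
        self.threshold = threshold
        self.attempts = defaultdict(int)       # source -> attempts on the target class
        self.ports_probed = defaultdict(set)   # source -> ports it touched on the target class

    def observe(self, comm):
        """Return the source if it has now crossed the threshold, else None."""
        node = self.nodes[comm.dst]
        if comm.legitimate or not node.in_target_class:
            return None  # legitimate traffic and traffic to second nodes are not counted
        self.attempts[comm.src] += 1
        self.ports_probed[comm.src].add(comm.port)
        return comm.src if self.attempts[comm.src] >= self.threshold else None


class SecurityMeasures:
    """Per-node source blocklists: changed only with owner authorization, restorable later."""

    def __init__(self, nodes, authorize):
        self.nodes = nodes
        self.authorize = authorize              # callable(node_id) -> bool, constructed
        self.blocked = {n: set() for n in nodes}
        self.saved = {}                         # node_id -> blocklist before hardening

    def vulnerable(self, node, ports_probed):
        # Claim 4: a second node is exposed if it serves a port the activity probed
        return bool(node.open_ports & ports_probed)

    def harden(self, attacker, ports_probed):
        changed = []
        for node in self.nodes.values():
            if node.in_target_class or not self.vulnerable(node, ports_probed):
                continue
            if not self.authorize(node.node_id):
                continue  # claim 1: no policy change without the node owner's authorization
            self.saved.setdefault(node.node_id, set(self.blocked[node.node_id]))
            self.blocked[node.node_id].add(attacker)
            changed.append(node.node_id)
        return changed

    def restore(self):
        # Claim 4: put the measures back to the pre-attack state once the activity has stopped
        for node_id, previous in self.saved.items():
            self.blocked[node_id] = set(previous)
        restored = sorted(self.saved)
        self.saved.clear()
        return restored


def run_scenario():
    """Constructed inventory and traffic; returns what happened at each stage."""
    nodes = {n.node_id: n for n in [
        Node("idle-1", False, True, frozenset({22})),     # target class
        Node("idle-2", False, True, frozenset({22})),     # target class
        Node("fresh-1", False, False, frozenset({22})),   # never allocated: a second node
        Node("web-1", True, True, frozenset({22, 80})),
        Node("web-2", True, True, frozenset({22})),
        Node("db-1", True, True, frozenset({5432})),
    ]}
    detector = AttackDetector(nodes, threshold=3)
    # Constructed policy: the owner of web-2 declines the change, everyone else accepts.
    measures = SecurityMeasures(nodes, authorize=lambda node_id: node_id != "web-2")
    traffic = [
        Communication("203.0.113.7", "idle-1", 22, False),
        Communication("198.51.100.5", "web-1", 80, True),
        Communication("203.0.113.7", "fresh-1", 22, False),  # second node: not counted
        Communication("203.0.113.7", "idle-2", 22, False),
        Communication("198.51.100.5", "idle-1", 22, False),  # one stray attempt, below threshold
        Communication("203.0.113.7", "idle-1", 22, False),   # third attempt: threshold reached
    ]
    attackers, hardened = [], []
    for comm in traffic:
        attacker = detector.observe(comm)
        if attacker and attacker not in attackers:
            attackers.append(attacker)
            hardened = measures.harden(attacker, detector.ports_probed[attacker])
    blocked_during = {k: set(v) for k, v in measures.blocked.items()}
    restored = measures.restore()  # the constructed activity has stopped
    return {
        "attackers": attackers,
        "attempts": dict(detector.attempts),
        "hardened": hardened,
        "blocked_during": blocked_during,
        "restored": restored,
        "blocked_after": {k: set(v) for k, v in measures.blocked.items()},
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The detector deliberately ignores the probe against `fresh-1`: under claim 1 only nodes that were previously allocated and are now idle form the target class, so traffic to never-allocated or currently allocated nodes never contributes to the count. On detection the responder skips `db-1` (no probed port exposed) and `web-2` (owner declined), changes `fresh-1` and `web-1`, and `restore()` returns both to their earlier empty blocklists.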